MyBB Forum Hacked and Re-taken. Trying to figure out exactly what happened.

So my mybb forum was recently hacked, and I am trying to find the exploit that was used. Is it possible this inactive plugin could have been used if it was not chmoded correctly?:

<?php
if(!defined("IN_MYBB"))
{
	die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
}

$plugins->add_hook("global_end", "missyouemail_global_end");

function missyouemail_info() {
	return array(
		"name" 			=> "Miss You Email",
		"description"	=> "Sends an email to each use that hasn't posted in X days.",
		"website"		=> "http://mods.mybboard.net/view/we-miss-you-plugin",
		"author"		=> "LegosJedi",
		"authorsite"	=> "http://mods.mybboard.net/profile/6391",
		"version"		=> "1.0.0",
    	"guid"			=> "582448d8377dd6d0c475612cdf3fb774",
		"compatibility"	=> "14*",
	);
}

function missyouemail_install() {
	global $db;
	
	$query = $db->simple_select("settinggroups", "COUNT(*) as rows");
	$rows = $db->fetch_field($query, "rows");
	
	$insertarray = array(
		'name' => 'missyouemail', 
		'title' => 'Miss You Email', 
		'disporder' => $rows+1, 
		'isdefault' => 0
	);
	$group['gid'] = $db->insert_query("settinggroups", $insertarray);
	
	$insertarray = array(
		'name' => 'mye_onoff',
		'title' => 'Miss You Email Switch',
		'description' => 'Turns on or off Akismet.',
		'optionscode' => 'onoff',
		'value' => 1,
		'disporder' => 0,
		'gid' => $group['gid']
	);
	$db->insert_query("settings", $insertarray);
	
	$insertarray = array(
		'name' => 'mye_days',
		'title' => 'Day Limit',
		'description' => 'How many days should a user be inactive before the email is sent?',
		'optionscode' => 'text',
		'value' => '30',
		'disporder' => 0,
		'gid' => $group['gid']
	);
	$db->insert_query("settings", $insertarray);
	
	$insertarray = array(
		'name' => 'mye_subject',
		'title' => 'Email Subject',
		'description' => 'The Subject of the email to be sent out.',
		'optionscode' => 'text',
		'value' => 'Forum Inactivity - {bbname}',
		'disporder' => 0,
		'gid' => $group['gid']
	);
	$db->insert_query("settings", $insertarray);
	
	$insertarray = array(
		'name' => 'mye_message',
		'title' => 'Email Message',
		'description' => 'The message that will be sent to the user. You can type {username} for the username, {bbname} for your board name, {bburl} for the url of your board, and {days} for the day limit entered above.',
		'optionscode' => 'textarea',
		'value' => $db->escape_string("Hi, {username}\n\nYou've been gone for a while. According to our records, you haven't visited {bbname} in the last {days} days. Why not stop by and start a new discussion, or contribute to an existing one? Come let people know you're still alive!\n\n{bbname}\n{bburl}\n\n--------\n\nThis is an automated message. Please do not reply to this message."),
		'disporder' => 0,
		'gid' => $group['gid']
	);
	$db->insert_query("settings", $insertarray);
	
	$db->write_query("ALTER TABLE ".TABLE_PREFIX."users ADD myesent int NOT NULL default 0");
	
	rebuild_settings();
}

function missyouemail_is_installed()
{
	global $db;
	
	if($db->field_exists('myesent', "users"))
	{
		return true;
	}
	
	return false;
}

function missyouemail_activate()
{
	global $db;
	
	$insertarray = array(
		'title' => 'Miss You Email',
		'description' => 'Sends out emails to users who have been inactive for X amount of days',
		'file' => 'dailymissyouemail',
		'minute' => 0,
		'hour' => 0,
		'day' => '*',
		'month' => '*',
		'weekday' => '*',
		'nextrun' => TIME_NOW, // Let's run it now, shall we?
		'lastrun' => 0,
		'enabled' => 1,
		'logging' => 1,
		'locked' => 0
	);
	
	$db->insert_query("tasks", $insertarray);
}

function missyouemail_uninstall()
{
	global $db;
	
	if($db->field_exists('myesent', "users"))
	{
		$db->write_query("ALTER TABLE ".TABLE_PREFIX."users DROP myesent"); 
	}
	
	// DELETE ALL SETTINGS TO AVOID DUPLICATES
	$db->write_query("DELETE FROM ".TABLE_PREFIX."settings WHERE name IN(
		'mye_onoff',
		'mye_days',
		'mye_subject',
		'mye_message'
	)");
	$db->delete_query("settinggroups", "name = 'missyouemail'");
}

function missyouemail_deactivate()
{
	global $db;
	
	$db->delete_query("tasks", "title = 'Miss You Email'");
}

function missyouemail_global_end()
{
	global $mybb, $db;
	
	if($mybb->user['myesent'] == 1)
	{
		$db->update_query("user", "myesent=0", "uid='".intval($mybb->user['uid'])."'");
	}
}
?>

PHP:

 

yes, scripts which are not activated yet insecure permissions are set on them can be exploited.

 

You might find this page useful. It looks like mybb has had several problems in the past few months:
http://secunia.com/advisories/product/4479/?task=advisories

 

Just replace hacked files with original files. And you could fix this problem.

 

yeap exactly, or better get an updated version. it has better security patches than the one you are currently using.

 

A question, were you using the latest version i.e 1.4.6?

 

Please check your RAW access log's you will be able to find the exploit that was used.

 

Are you using SuPHP?

 

Logically no, considering his script was exploited as a nobody user due to the incorrect permissions.