So my MyBB forum was recently hacked, and I am trying to find the exploit that was used. Is it possible this inactive plugin could have been used if it was not chmodded correctly?

PHP:
<?php
// Refuse to run when the file is requested directly instead of being loaded by MyBB.
if(!defined("IN_MYBB"))
{
    die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
}

$plugins->add_hook("global_end", "missyouemail_global_end");

// Plugin metadata shown in the Admin CP.
function missyouemail_info()
{
    return array(
        "name"          => "Miss You Email",
        "description"   => "Sends an email to each use that hasn't posted in X days.",
        "website"       => "http://mods.mybboard.net/view/we-miss-you-plugin",
        "author"        => "LegosJedi",
        "authorsite"    => "http://mods.mybboard.net/profile/6391",
        "version"       => "1.0.0",
        "guid"          => "582448d8377dd6d0c475612cdf3fb774",
        "compatibility" => "14*",
    );
}

// Create the settings group, the four settings and the users.myesent column.
function missyouemail_install()
{
    global $db;

    $query = $db->simple_select("settinggroups", "COUNT(*) as rows");
    $rows = $db->fetch_field($query, "rows");

    $insertarray = array(
        'name'      => 'missyouemail',
        'title'     => 'Miss You Email',
        'disporder' => $rows+1,
        'isdefault' => 0
    );
    $group['gid'] = $db->insert_query("settinggroups", $insertarray);

    $insertarray = array(
        'name'        => 'mye_onoff',
        'title'       => 'Miss You Email Switch',
        'description' => 'Turns on or off Akismet.',
        'optionscode' => 'onoff',
        'value'       => 1,
        'disporder'   => 0,
        'gid'         => $group['gid']
    );
    $db->insert_query("settings", $insertarray);

    $insertarray = array(
        'name'        => 'mye_days',
        'title'       => 'Day Limit',
        'description' => 'How many days should a user be inactive before the email is sent?',
        'optionscode' => 'text',
        'value'       => '30',
        'disporder'   => 0,
        'gid'         => $group['gid']
    );
    $db->insert_query("settings", $insertarray);

    $insertarray = array(
        'name'        => 'mye_subject',
        'title'       => 'Email Subject',
        'description' => 'The Subject of the email to be sent out.',
        'optionscode' => 'text',
        'value'       => 'Forum Inactivity - {bbname}',
        'disporder'   => 0,
        'gid'         => $group['gid']
    );
    $db->insert_query("settings", $insertarray);

    $insertarray = array(
        'name'        => 'mye_message',
        'title'       => 'Email Message',
        'description' => 'The message that will be sent to the user. You can type {username} for the username, {bbname} for your board name, {bburl} for the url of your board, and {days} for the day limit entered above.',
        'optionscode' => 'textarea',
        'value'       => $db->escape_string("Hi, {username}\n\nYou've been gone for a while. According to our records, you haven't visited {bbname} in the last {days} days. Why not stop by and start a new discussion, or contribute to an existing one? Come let people know you're still alive!\n\n{bbname}\n{bburl}\n\n--------\n\nThis is an automated message. Please do not reply to this message."),
        'disporder'   => 0,
        'gid'         => $group['gid']
    );
    $db->insert_query("settings", $insertarray);

    $db->write_query("ALTER TABLE ".TABLE_PREFIX."users ADD myesent int NOT NULL default 0");

    rebuild_settings();
}

// The plugin counts as installed when the users.myesent column exists.
function missyouemail_is_installed()
{
    global $db;

    if($db->field_exists('myesent', "users"))
    {
        return true;
    }
    return false;
}

// Register the daily scheduled task that sends the emails.
function missyouemail_activate()
{
    global $db;

    $insertarray = array(
        'title'       => 'Miss You Email',
        'description' => 'Sends out emails to users who have been inactive for X amount of days',
        'file'        => 'dailymissyouemail',
        'minute'      => 0,
        'hour'        => 0,
        'day'         => '*',
        'month'       => '*',
        'weekday'     => '*',
        'nextrun'     => TIME_NOW, // Let's run it now, shall we?
        'lastrun'     => 0,
        'enabled'     => 1,
        'logging'     => 1,
        'locked'      => 0
    );
    $db->insert_query("tasks", $insertarray);
}

// Drop the column, the settings and the settings group.
function missyouemail_uninstall()
{
    global $db;

    if($db->field_exists('myesent', "users"))
    {
        $db->write_query("ALTER TABLE ".TABLE_PREFIX."users DROP myesent");
    }

    // DELETE ALL SETTINGS TO AVOID DUPLICATES
    $db->write_query("DELETE FROM ".TABLE_PREFIX."settings WHERE name IN(
        'mye_onoff',
        'mye_days',
        'mye_subject',
        'mye_message'
    )");
    $db->delete_query("settinggroups", "name = 'missyouemail'");
}

// Remove the scheduled task.
function missyouemail_deactivate()
{
    global $db;

    $db->delete_query("tasks", "title = 'Miss You Email'");
}

// Runs at the end of every page load: clear the "email sent" flag for a returning user.
function missyouemail_global_end()
{
    global $mybb, $db;

    if($mybb->user['myesent'] == 1)
    {
        // update_query() takes the table name without prefix and an array of column => value.
        $db->update_query("users", array("myesent" => 0), "uid='".intval($mybb->user['uid'])."'");
    }
}
?>
You might find this page useful. It looks like MyBB has had several problems in the past few months: http://secunia.com/advisories/product/4479/?task=advisories
Yep, exactly, or better, get an updated version. It has better security patches than the one you are currently using.
Logically no, considering his script was exploited as a nobody user due to the incorrect permissions.
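
A defensive check for the two conditions this thread turns on: file permissions and the `IN_MYBB` guard at the top of the posted plugin. This is an added example, not part of any post above and not MyBB's own code; the function name `audit_plugins`, its output labels and the directory argument are assumptions.

```shell
#!/bin/sh
# Added example: audit a directory of forum plugin files.
# Prints one finding per line:
#   WORLD_WRITABLE <path>  file or directory writable by any local account
#   NO_GUARD <path>        PHP file without the defined("IN_MYBB") check
# Usage: audit_plugins /path/to/plugin/directory   (path is a placeholder)

audit_plugins() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # The other-write bit lets any account on the host, including the web
    # server's unprivileged user, replace or edit the file.
    find "$dir" \( -type f -o -type d \) -perm -0002 -print |
        sed 's/^/WORLD_WRITABLE /'

    # A plugin file that lacks the guard executes when requested directly
    # over HTTP instead of only when the forum core includes it.
    find "$dir" -type f -name '*.php' -print | while IFS= read -r f; do
        grep -Eq "defined\([[:space:]]*['\"]IN_MYBB['\"]" "$f" ||
            echo "NO_GUARD $f"
    done
}
```

An empty result means no file in the tree is world-writable and every PHP file carries the guard; it says nothing about files that were writable in the past, so compare modification times against the date of the compromise as well.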