Someone joined my mybb forum and made himself admin, claiming to be a hacker. He said it was through a skype plugin, but i'm not sure i believe it, i got rid of the plugin but is there any other way he can come back and do it again ?
They do if they allow SQL Injection into the primary database. Ensure that all of your plugins are secure and read a couple of reviews about them before using them.
You should not install any Plugins which are not trusted...if u find a new plugin site and u have any doubts about it post it on the Official MyBB forums before u go ahead and download plugins from there and install them..
Any insecure plugin can allow that. My rule is if I can't figure out what the code does, I don't install the plugin. You might want to make friends with a good PHP programmer. The easy fix when you get hacked that way, of course, is to delete the user from the database. If he changes your entry in the database, you can always add yourself back as an admin (use phpMyAdmin for all that sort of work).
Thanks all for your feedback, It turns out it was a dodgy Skype plugin I had installed, but now it's sorted. I will definately be doing more research on the plugins I install in future, Thanks all!
even if you are using the old version you should at least try to secure your forum by following these tuts http://community.mybb.com/thread-44977.html
Mybb got hacked previous year. So please update your forum with new version. Only this is the method.And ask more about that in mybb community.