mybb forum spamming mail issue

Discussion in 'Web Hosting' started by onymguy, Mar 5, 2016.

  1. #1
    Hi
    I just created a MyBB forum on my domain. After a week, my domain was suspended for sending spam mail.

    When I checked the Exim logs, it looks like the mails were sent from the mybb folder.

    Is MyBB vulnerable? If my site is hacked, it has a WordPress installation in the main domain, so the hacker might have used WordPress; not sure how the MyBB installation alone was affected?

    How to secure MyBB, or is there any other forum which is more secure?
     
    onymguy, Mar 5, 2016 IP
  2. PoPSiCLe

    #2
    Everything is vulnerable. If you do not know how to secure your software, don't use it. WordPress is insecure by default, so is MyBB, phpBB and most other forum software - more so free than paid, perhaps - I don't really have that much experience with paid forum software, except for vBulletin, which sucks on so many levels.
     
    PoPSiCLe, Mar 5, 2016 IP
  3. pupul

    #3
    For a forum, use XenForo; it works best. Update WordPress, themes and plugins regularly.
    Outdated versions are more vulnerable.
     
    pupul, Mar 5, 2016 IP
  4. euro-space

    #4
    Most probably the scripts are hacked; if you don't fix everything, spamming will occur again.
    First of all, put your website offline by changing the permissions of the /public_html/ folder to 700.
    If you're familiar with SSH commands, start searching for the last modified files:

    # find /home/rbsail/public_html/* -type f -printf "%-.22T+ %M %n %-8u %-8g %8s %Tx %.8TX %p\n" | sort | cut -f 2- -d ' '

    Other commands will show potentially injected scripts:

    # grep -ir 'base64_decode' /home/username/public_html/*
    # grep -ir 'eval' /home/username/public_html/*

    You may get many files listed, but you have to look for suspicious code and remove it.

    Once cleaned, update your CMS, change cPanel, FTP user(s), database user and CMS admin passwords. Remove any unnecessary users from the admin panel.
    Put an .htaccess file in your /public_html/ with limitations on executing unnecessary PHP files.
    Hope this helps.
     
    euro-space, Mar 6, 2016 IP
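
The two searches from post #4 combined into one check, as an added example that is not part of the original thread: it lists only PHP files that were modified within a given number of days and that call eval() or base64_decode(). The function names, the sample tree and the file name triage.sh are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): narrow the thread's two searches to
# PHP files that were BOTH changed recently AND call eval()/base64_decode().

# suspicious_recent DIR DAYS
# Prints matching paths, one per line, sorted. Heuristic only: PHP can hide
# these calls (variable functions, comments between name and parenthesis).
suspicious_recent() {
    dir=$1
    days=$2
    # The leading [^[:alnum:]_] stops "eval" matching inside words such as
    # retrieval( or my_eval(, which a plain grep -i 'eval' would report.
    pattern='(^|[^[:alnum:]_])(eval|base64_decode)[[:space:]]*\('
    find "$dir" -type f -name '*.php' -mtime "-$days" \
        -exec grep -lEi "$pattern" {} + | sort
}

# make_sample_tree: builds a constructed test site and prints its path.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/inc" "$d/uploads"
    # Recent and clean; contains "retrieval(" to exercise the word boundary.
    printf '%s\n' '<?php echo "retrieval(ok)";' > "$d/index.php"
    # Contains eval( but was last modified in 2015, so it is out of the window.
    printf '%s\n' '<?php eval($legacy_code);' > "$d/inc/old_lib.php"
    touch -t 201501010000 "$d/inc/old_lib.php"
    # Recent and matching; the payload is benign and decodes to: echo 1;
    printf '%s\n' '<?php eval(base64_decode("ZWNobyAxOw=="));' > "$d/uploads/mailer.php"
    printf '%s\n' "$d"
}

# Usage (hypothetical file name): sh triage.sh /home/username/public_html 14
if [ "$#" -eq 2 ]; then
    suspicious_recent "$1" "$2"
fi
```

File modification times can be reset by whoever wrote the file, so an empty result does not show that the site is clean.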
  5. euro-space

    #5
    Spamming is an illegal action and the account performing it is subject to suspension, while getting messages from the forum users is normal behaviour, unless the forum is cracked and sends spam.
     
    euro-space, Mar 18, 2016 IP
  6. onymguy

    #6
    Looks like the forum is cracked; somehow they uploaded a mail script, so they were sending spam messages to multiple emails. Those emails are not part of the user accounts.

    Anyway, I completely removed the forum; after that, no issues. But I could not find how the forum got infected.
     
    onymguy, Mar 18, 2016 IP
  7. euro-space

    #7
    In this case, you may have to contact your host; some hosting providers do offer security scanning and monitoring services to their customers.
    Cheers.
     
    euro-space, Mar 18, 2016 IP