As most of you who will be reading this are aware, three days ago (beginning the 31st of May) the MyBB.com domain (along with our other domains) were hijacked by a group of hackers (we’re not going to identify them by name but they have been very vocal in claiming responsibility so you should have no problem finding them if you’re so inclined). They also tried to access our server and many other services we use.
At this stage we have access to all our systems back and are in the process of restoring services, however we’re pleased to say that we are also taking this opportunity to retool components of our website and upgrade our server infrastructure.
This blog post will probably be the first of many, but we’ll endeavor to keep you updated as much as possible regarding progress. At this stage we don’t expect all services to be online for at least a week while the new servers are configured and we prepare new components of our website, however this blog is obviously already online and the MyBB home page will be up very soon too.
The story to date
There are still a few missing pieces, but at this stage we have a pretty clear understanding of what happened. Contrary to what has been posted elsewhere, we do not believe social engineering was the culprit, although the hackers did try unsuccessfully to gain access to several of our accounts via this method.
The main incident that lead to the breach was a compromise of Chris’ personal Apple ID (iCloud, etc) account. From there, the hackers were able to reset passwords to our hosting and domain accounts. It’s still not clear how they got access to this account, however they also had numerous personal details about Chris, including contact details and knowledge of at least the last four numbers of his primary credit card.
Fortunately SoftLayer (our host) called Chris when his password was reset which alerted us to the situation unfolding and all public access to the server was shut off soon thereafter. As far we can tell they were not able to log into our server and do not have copies of our databases. We have been very pleased by the response we received from SoftLayer and without their vigilance the situation could have been far worse.
While Chris was trying to reset his passwords to NameCheap (our Domain Registrar at the time) and Apple ID accounts, the hackers even went as far as to remote wipe his iPhone via iCloud to prevent him from having 3G access. Unfortunately they successfully took control of Chris’s NameCheap account and redirected the domain to their defacement page, later we discovered they even tried to transfer the domain.
Unfortunately we did not get the expedited response from NameCheap that we would have hoped for given the severity of the situation, and it was about six hours before we got access to our account back. As a result we have already transferred MyBB.com to another domain registrar with better controls around account security.
Since then we have been planning the recovery effort, including taking the opportunity to improve our infrastructure. We will be moving to a new server setup, but given our security scare a few months ago we are also auditing the site software we use and only moving what we know is clean to the new server. More details on changes to the site are detailed further down this article.
With regard to why we were targeted, frankly we are baffled by the logic. The group identified MyBB as being targeted because one of our user’s runs an online forum dedicated to hacking. By this same analogy, if someone purchases a car and then uses it to run someone down or damage another’s property, then the manufacturer of the car should be responsible, which is obviously corrupted logic.
The group totes freedom as their cause but by attacking an Open Source project they are undermining freedom in every sense of the word. Anyone is free to download and use our software, no matter if you’re rich or poor, a nurse or a hacker, and the fact they targeted us for this is an utter contradiction of their reasoning.
As many MyBB users will know, we don’t even offer support on our community forums to hacking sites, and there are no exceptions. We can only conclude that attention and notoriety are their true motivations, and that their sense of ethics is a disgrace to the online community. We sincerely hope the perpetrators are brought to justice.
What we’re doing
First and foremost we have adopted two factor authentication wherever possible. As mentioned above, the domain names have already been transferred to a registrar offering two factor authentication, among other security features. We’ll also be adopting two factor authentication on our new servers, and to various internal services. The new servers should improve performance of our website, and CloudFlare has also been setup.
As you might have also noticed, this blog has already been moved from being a locally hosted WordPress installation to being hosted on WordPress.com, which should ensure it is accessible even when our servers are down. We are hoping to make a similar change to the wiki before services are fully restored and as previously announced, development will be moving to GitHub with 1.8. Our goal with moving services offsite is to improve availability, improve maintainability, reduce load on our servers and improve security.
Finally, although our website infrastructure did not contribute to the intrusion, we are reviewing the security of all our services prior to moving them to our new server to ensure our systems are as secure as they could be.
We thank everyone for their continued patience and support over this difficult time and hope to have everything back online soon.
Regards,
Chris, Tim, and the rest of the MyBB Team
MyBB Blog 
Wow, awesome history, thanks for the notice guys!
Thanks 🙂
Looks like you guys moved to name.com. Nice choice, I’ve always loved their support, waaaaaaaay better than Namecheap.
Looking forward to using the forum again. It’s too bad this happened, but I’m sure we’ve learned a lot from it. Seems like it could have been a lot worse. =)
Great guys, glad to hear it. Good luck with getting everything ready. 🙂
Sad to see Chris’ account getting compromised.
Its Good to See you again…
Sad to see Chris
Glad to see sections are coming back up, welcome back.
Thankyou
When I read the reasoning behind the attack – I was like.. WTF!!??
How can one, who is against hacking (whether it’s ethical hacking or not), do the same, just to prove a point that they are against it??
How does that make any sense??
Especially since MyBB shouldn’t be hold responsible for who uses the software – after all, it’s for free and anyone can download/install/use it.
For whoever who is behind the hacking – time to grow up and review your lame practice & reasoning, because this isn’t ethical at all!!
After reading the original notice/reasoning (by the people responsible behind this attack) – The hack/attack was mainly because of an issue between them & other “hacktivists” using the MyBB software and not necessarily hacking in general.
Still, it’s a pity that MyBB has become victim of this since they are not responsible for who uses their software.
I happened to read the hacking groups statement/rant and it made no sense. As I read it: they said they attacked MyBB.com because one of its users ran a hacking site where everyone thought they were hackers. The hacking group took offence to this as they thought the users of the site were “skids” <- not real hackers.
They also complained that people weren't opening their eyes that the only way to keep your details safe was to not give them out because (supposedly) mybb.com and other sites lie about their security.
So basically the attack seems to me to be a personal vendetta against a mybb.com user/forum owner who uses myyb software and a poor attempt to get people to keep their details safe – sorry but I'm fairly certain at least 90% of those using mybb.com and the like are aware that their details will never truly be safe!
Well glad to see mybb.com being restored to 150% health, while the hacking group move on 4chan…
I certainly agree.
Also, I think another possibility of the hack may be relating to personal issues between the hacker and the MyBB user.
About the security, well I think mybb.com and other sites are quite trusted, since WOT doesn’t warn me. I give my details to pretty much sites that have a green WOT rating.
Anyway, great to thear that MyBB is back now.
Nothing is save online 🙂
now if them lot of hackers got sent to prision what would they be able to hack… not long ago people was on the news here in the uk getting charged for hacking the police, goverment, banks etc.
I dont see the point in hacking tbh, They all get caught sooner or later, as the police say, they leave bread crumbs 😉
Welcome back guys. I hope the sad thing will never happen again. 🙂
When I read their homepage and it said “Freedom and against SOPA” I already found them a bunch of liars, MyBB is the heart of freedom of the internet in the word itself, quite silly.
If you target an opensource project for no apparent reason (and the reason given is like blaming water for being wet) you’re destroying freedom, not fighting for it.
Also shows that Namecheap is a registrar not to be trusted thoroughly, another lesson learned. (In these situations, you see the true face, if I have ever need a host, I’ll check out Softlayer).
what I do wonder is, why…….. WHY do they hate MyBB so much, I mean they’ve been going through quite some effort if they even track Chris’ personal data just to get access to MyBB.
We do know now is that not all these hacker groups are as good as they claim.
Good to see mybb back again. I miss you all guys.
Good to see services are getting back online.
Also good to see that you are improving certain parts of the website, like for example the blog. Hosting that at wordpress.com seems like a good move, only thing i wonder if they would ever somehow be integrated with the forum accounts.
Its to bad everything that happend, and the reasons are simply rediculous.
Hopefully we will see the wiki online soon followed by the forums.
I thought hacktivist groups had awful logic before, but going after you guys because labrocca uses MyBB is an all-new low. The generic “https:// does not mean your details are safe” paragraph also smacks of huge, fragile ego to me. HTTPS was never purported to completely seal away details afaik. The only people I can think of that would believe HTTPS is the be-all end-all are computer-illiterate, which none of the community fits in to.
Good to see everything is coming back online. Cant wait for the mods page to be back.
Thank you
This is really the cheapest behaviour by any moron in the world hacking an open source software.
They are bunch of kid crap and thank you team for your untiring work on restoring the site.
We wish mybb reborn will scale heights and all the best :):):)
Cant Wait For Mods/Forum To Open Back UP!!!!!!!!!!!!!!!!
hope the site gets back soon I had to see some threads tp fix my site problem about some sql error
I was about to host my own forum when I saw the MyBB site brought down by hackers. I have used MyBB in the past and have extreme confidence in the beauty of it. Very sad some ‘so called hackers’ took down the site citing such nonsense as explanation. Now I’m stuck middle way unable to look at the mybb forums and mods pages. Hope to see the full site up and running soon. Cheers !!
hahaha… ‘group of hacker not hacker but script kiddies’ and MyBB is Nice Open Source Board System 😀 Enjoy And Cheers..
Hope to see these kiddies grounded soon. 😡
Great job guys. Hackers have various motivations. Some use it for monetary gain. The PUNK A$$ COWARDS who did this, did it solely to feel powerful in their otherwise weak, meaningless, pathetic, useless lives. Justice WILL grab them by the throat one way or another. You wreak destruction and you will meet with destruction.
Absolutely right. !!!
pls reveal the full information of the hackers after the investigation .. I really want to see them brought in to justice ..
Good news is good that MyBB is already online…
Thank you for the appreciated true rundown of happenings. Never have I doubted your ability to to return stronger and more confident than before. I love Mybb!!
May the source be with you!
Glad to see mybb back 🙂
Great to see you guys are back! Question: Why is there a tiny smilely face in the bottom left corner? Haha
Its for WordPress.com’s stat system :).
That’s used by the WordPress statistics service. I know you can hide it on self-hosted sites but I have no idea about wordpress.com hosted blogs.
Glad to see MyBB back and in good standing.
Sad to hear about the Namecheap situation however it has definitely opened my eyes.
I bet they would have done it a lot faster if it was the domain “www.Facebook.com”, “www.Google.com” or something similar.
Hopefully the team will keep their chins up and take this as it comes. I hope to see bigger and better things from you guys. This is just a lesson learned in my opinion.
I’ll see you around.
Do we know how long ago they took control? I’m wondering if I should trust the latest update I downloaded last week.
@Laie Techie – Downloads are hosted offsite. You have no need to worry about your own forums or any updates.
As stated in the blog post:
As far we can tell they were not able to log into our server and do not have copies of our databases.
People hack for really weird reasons. A client got hacked because she smokes. Now, I see no harm in that but the hacker did.
Wasn’t that hard to fix up, but the reason they hacked…. this proves that hackers are sadly children that have failed in school.
Never though i see the day of mybb getting brought down by hackers, if you carnt even own A open source project without getting destroy these days, what else carnt you own? maybe a computer.
I agree with Aaron they must of failed at school, They need education in some form or way.
A good kick up the [word here] is what they do need. Maybe their brain will start to function afterwards.
@Spudster – I wouldn’t say MyBB was destroyed, not at all. Infact it’s the exact opposite. It’s given us the chance to upgrade our infrastructure and make vital changes which can only improve MyBB as a whole.
All good (and bad) things happen for a reason. Happy to see MyBB come out stronger.
There should be a backup forum or something. Somewhere where people can get support for their forums whilst the main ones are offline. phpBB, smf, etc do this.
It can only make sense that you guys do one too. Because if it’s going to take a week until the forums are back how exactly are people going to get support?
If you don’t want to do a temp backup support forum maybe even list some other sites where people can get support for their forums until MyBB support forums are back up and running.
The forums will be back today 🙂
Meaning by the end of june the 3rd? or?
What doesn’t kill you makes you stronger.
I just asked that on your facebook (as mark m)
Glad to see yous working your way back online 🙂
Also im wondering if yous are going to take legal action agaisnt this, because as far as i know, accessing server and stealing users personal information is a federal crime. (in australia) since i live here aswill..
I don’t think MyBB will disclose that information to it’s users….
Thatks guys..
hope everything will be back soon.
Waiting for site up.
My request please start support forum until full forum launch so we can solve problems..
One week is too much.
You have an interesting definition of a week.
Looks like MyBB will be better than ever because of this. Surely not what the hackers had intended. Go MyBB!
I hate to be a pushy douche, but does the team have an ETA as to when the mods portion of the site will be up?
Hi Dustin,
We’re in the middle of restoring the MyBB Mods website at the moment. The database is ready to go, and we’re just waiting for the content of the site to upload from my connection here in Sydney.
We’re not taking any chances with our websites, which is why things are taking a little longer than just “flipping the switch back on.”
Thanks for the understanding.
Hopefully you get it all sorted Chris. Take as long as it takes. No use rushing. 🙂
Thanks for the update, Chris! Much appreciated.
I understand and as Aaron said, take as long as you need. No rush, just curious.
Have a good one!
-Dustin
Pingback: Access to community forums restored, modifications site underway, updates & FAQ | MyBB Blog
The mods page is not up :O How do i put mods on my forums if they arent up!
@Leighton – If you read the blog post before commenting you’d know that we’re working on putting it back up.
Hi all, not sure if someone else may have already brought up that thought, but here goes: Ever thought about that the whole “reasoning” / statement of the attacker(s) could very easily just be a facade to hide their real identity behind a “wall of nonsense” that would easily be dismissed as such – and in fact, it might be driven by someone for whom MyBB is a competition that is becoming seriously dangerous for their business? Just saying… don’t just believe what they say, after all, how do you know that it is true? Their ramble sounds exactly like a badly put together smokescreen. Cheers, Matt
Pingback: Access to community forums restored, modifications site underway, updates & FAQ | TienBlog.Com
Pingback: » * MyBB.com/MyBBoard.pl zhackowane -- Niebezpiecznik.pl --
Pingback: Apple cloud burst: how hacker wiped Mat’s ‘life’ – Sydney Morning Herald | Daily News Pages
Pingback: What Apple should have done - Sydney Morning Herald |
Pingback: Apple cloud burst: how hacker wiped Mat’s ‘life’ | Exploit Archive
Pingback: Hacked Knightmare | Edinburgh Eye
Pingback: iCloud Security Issues Raised Due to Hacking | Shannon Digital
nice and I wait 1.8 make a my new forum.