Recently we have been made aware of several MyBB plugins circulating around the internet, in particular pirated mods, which are specifically designed to cause malicious harm to their users. One specific example which has come to our attention attempts to delete all the records from your database, and delete your MyBB files. This would obviously have a devastating impact on anyone who happened to install this plugin.

We’d like to remind users of the immense power plugins have which, when used incorrectly, could pose security implications for your forum.  Theme files also can contain backdoor PHP scripts which can grant access to your server.  Therefore, great care should be taken both in terms of which plugins are installed and where the modifications were obtained from. Specifically, nulled or pirated mods pose the biggest threat of all given that the origin of the file is unknown and any sharer could have inserted malicious code.

Even when downloading mods directly from the author we recommend thoroughly researching both the plugin/theme and the author to establish that they are reputable and have a good standing with their customers and users.

If you have any further questions, concerns or examples please don’t hesitate to contact us via the Private Inquiries forum.

Regards, The MyBB Team.