Following on from our We’ll be back soon post yesterday, I just wanted to provide an update on our recovery efforts as well as address a few of the commonly asked questions.
After a comprehensive investigation, including audits of all files on our existing servers as well as an analysis of server and website access logs, we’re happy to confidently say that we do not believe any of our servers were compromised, or our databases accessed.
As you’ve likely noticed, access to the MyBB Community Forums has now been restored. Because we don’t believe the MyBB database was compromised, we have opted to not require users to change their passwords on next login. If you’re having difficulty accessing the forums (for example, if it’s redirecting to http://www.mybb.com, or stylesheets aren’t loading correctly), then please clear your web browser cache and try again.
We’re working on restoring access to the MyBB Mods website as soon as we can, however expect the modifications site take another 24 hours before it can be pushed live.
Our team are also busy working on relaunching the official MyBB documentation, using GitHub Pages. We’re moving away from MediaWiki and wiki-based documentation primarily because we believe our efforts are best focused on maintaining our core website, forums and modifications site rather than managing a slew of third-party applications (this is the same reason why our blog is now powered by WordPress.com). Because GitHub Pages is directly backed to a Git repository, the entire community can still collaborate to our documentation using pull requests.
At this stage, we plan to discontinue the MyBB Ideas site. We believe that through great collaboration on the MyBB Community Forums in our MyBB 1.8 Feature Suggestions and MyBB 2.0 Feature Suggestions forums, together we can build even greater software. It also means there’s one less place to collect feedback from.
We’re taking an overly cautious process with the restoration. If we chose to, we could simply flick all services on again, and have the wiki, modifications site, etc live. Instead, even though we’re confident there was no breach of our servers, we’re still handling the situation if there were. Before anything is relaunched, we’re:
- Verifying access logs of the site to look for suspicious behavior
- Verifying the content of the sites by comparing them against previously taken backups (both onsite and offsite, and against backups taken recently and those taken weeks ago) and analysing each and every difference by hand
- Pushing the content of all websites to our new servers from an offline copy, instead of our old servers
- Verifying that all of our websites work behind CloudFlare, and implementing caching strategies in CloudFlare to give you even faster page loads
There’s also been a lot of discussion around what legal action we will be taking against those that have attacked us. At this stage, we believe our time and effort is better spent improving and educating users about security, and moving forward with the development of MyBB 1.8, MyBB 2.0, and our rebranding.
Again, we want to thank everyone for their support and patience and look forward to moving onwards and upwards!
Chris, Tim, and the rest of the MyBB Team
Cheers for the news 🙂
Thank you for information. Good luck MyBB Team for other subdomains.
Good job 😀
MyBB rlz :3
Why did you not make the files onlyne first priority to restore after the blog ?
All mybb en langpack
Same for the mods
A single directory with the files well sorted and named correctely should be enought…
I planned to finish the upgrade from 1.4.12 to the last version this week, this mean mods too…
And i did nothing this we, i’ll have to wait next we 😦
Of course, i will survive, but a little sad for you choice of priority to restore rank you choiced.
I understand the importance of this problem, for exemple i founded two weeks ago a hacking on my domain, the source was a hack of the ftp code from my host himself !
But before to freeze the online restore, i choiced to make my domain online as soon as possible, and after i looked what was the source and of screwed tempory the security, that was enough to solve the problem.
Anyway it’s really important to be honest about your problem. Hide hacking problem make them strongest in the final way 😉 .
Yes, i agree, my hacker did not hacked mybb board, look it was easiest for us to hack my domain hoster, not exactely like but same clue == No hack of mybb script !
It’s important to claim it hight 😀
About the answer for your kackers, a mail with “gg” should be a fairplay answer in this world.
And still in the positive mybb spirit 😉
error to correct : it was easiest for us[THEM] to hack my domain hoster
sorry for bad anglish
@darkside – Because we had to audit all services before they could be restored. The blog is now hosted on WordPress.com so we didn’t have to worry about auditing that. Yes, we could have restored all services without checking if anything had been modified but we’d rather be 110% sure that the server and sites are secure.
Security is more important than plugins. We realized this incident has interrupted our services and community but if you read the “We’ll be back soon” blog post you’ll see it went beyond mybb.com and Chris had to restore his access to his accounts before he could do anything. All our actions have been made for the better.
I don’t really see how it concerns ANYONE as to what legal actions are being placed if any. Unless they are part of the MyBB company it has nothing to do with them and the people who are wanting to know are just trying to be nosy. They should worry about their forum, not the MyBB company.
I can’t access mybb.com and community.mybb.com now.
“Website currently unavailable
The website you are trying to access is currently unavailable. Please try again at a later time.
If you are the site owner, here is a help resource to help resolve the issue.
BTW you should probably remove the Ideas link from the menu on the homepage (its already removed on the blog,forum,mods etc)
@Fma965 – We are aware. It will be removed ASAP.
Well done to think of sometinhg like that
Pingback: Getting Involved: MyBB GitHub Now Available | MyBB Blog