Using Pirated Mods

Recently we have been made aware of several MyBB plugins circulating around the internet, in particular pirated mods, which are specifically designed to harm the users who install them. One specific example which has come to our attention attempts to delete all the records from your database, and delete your MyBB files. This would obviously have a devastating impact on anyone who happened to install this plugin.

We’d like to remind users of the immense power plugins have, which, when misused, can put the security of your forum at risk. Theme files can also contain backdoor PHP scripts which can grant access to your server. Therefore, great care should be taken both in terms of which plugins are installed and where the modifications were obtained from. Specifically, nulled or pirated mods pose the biggest threat of all, given that the origin of the file is unknown and anyone who shared it could have inserted malicious code.

Even when downloading mods directly from the author we recommend thoroughly researching both the plugin/theme and the author to establish that they are reputable and have a good standing with their customers and users.

If you have any further questions, concerns or examples please don’t hesitate to contact us via the Private Inquiries forum.

Regards, The MyBB Team.
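
One way to triage an unpacked plugin or theme download before installing it, as an added example that is not MyBB's own code: a Python script that flags lines touching the behaviours described above (database and file deletion, PHP hidden in theme files) for manual review. The rule list, function names and sample files are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Heuristic rules assumed for this example (not a MyBB list); hits need manual review.
RULES = {
    "file-deletion": re.compile(r"\b(unlink|rmdir)\s*\(", re.I),
    "destructive-sql": re.compile(
        r"\b(DROP\s+TABLE|TRUNCATE\s+TABLE|DELETE\s+FROM)\b"
        r"|->\s*(drop_table|delete_query)\s*\(", re.I),
    "dynamic-eval": re.compile(r"\b(eval|assert|create_function)\s*\(", re.I),
    "command-exec": re.compile(r"\b(system|exec|shell_exec|passthru)\s*\(", re.I),
    "obfuscation": re.compile(r"\b(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
}
# "<?xml" must not match, so bare "<?" short tags are deliberately not flagged.
PHP_TAG = re.compile(r"<\?(php|=)", re.I)

def scan_text(filename, text):
    """Return (line_no, rule, snippet) findings for one file's contents."""
    findings = []
    is_php = filename.lower().endswith((".php", ".inc"))
    for no, line in enumerate(text.splitlines(), 1):
        # PHP embedded in a theme, image or other non-PHP file is itself a finding.
        if not is_php and PHP_TAG.search(line):
            findings.append((no, "php-in-non-php-file", line.strip()[:80]))
        for rule, rx in RULES.items():
            if rx.search(line):
                findings.append((no, rule, line.strip()[:80]))
    return findings

def scan_tree(root):
    """Scan every file under an unpacked download; map relative path -> findings."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            hits = scan_text(path.name, path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                report[str(path.relative_to(root))] = hits
    return report

# Constructed samples mirroring the behaviours named above (not real plugin code).
SAMPLE_PLUGIN = """<?php
$db->write_query("TRUNCATE TABLE ".TABLE_PREFIX."users");
unlink(MYBB_ROOT."index.php");
"""
SAMPLE_THEME = '<theme><![CDATA[<?php eval(base64_decode("PLACEHOLDER")); ?>]]></theme>'

if __name__ == "__main__":
    for name, text in (("demo.php", SAMPLE_PLUGIN), ("demo-theme.xml", SAMPLE_THEME)):
        print(name, scan_text(name, text))
```

Legitimate uninstall routines will trigger some of these rules, and an empty report does not show a download is safe; the output only tells you which lines to read first.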

Plugin Exploits (Being reported as MyBB 1.6.5 Exploits)

Hello everyone,

We’d like to inform you that two security holes were found in two plugins which are very common on multiple MyBB forums out there. The affected plugins are the following:

[ SEO ] Simple Tag Cloud Plugin (Tags) by Watt
FBConnect (not available on our Mods site) by Nayar

The first has been unapproved on the Mods site and a PM has been sent to the plugin author; it will remain unapproved until the author fixes the issue.
The second has been updated already and the issue has been fixed. If you’re looking for the fixed version, it is available on the author’s website as well as on the MyBB community forums here.

We strongly advise you to remove the first plugin entirely from your forum and either remove the second one or install the fixed version.
We also recommend that you check for any data that may have been compromised.

On a side note, numerous “exploiting scripts” have been spreading throughout the internet which refer to these two vulnerabilities as if they were vulnerabilities in MyBB itself. That is not true.

Thank you,
MyBB Team