As many of you know, the MyBB Group released MyBB 1.8.4 into the wild on February 15, 2015. Below are the highlights from the official announcement.
MyBB 1.8.4 brings the following fixes:
- Seven medium to low risk vulnerabilities
- A slew of bug fixes
- Two new features: No CAPTCHA reCAPTCHA and two-factor authentication for ACP login
MyBB Group says you need to run the upgrade script. I suggest you do as they say.
Two-factor Authentication is Awesome
I had the opportunity to install a local copy to check out what’s new and I’m happy to report that the extra security is a warm welcome. It’s one of the reasons why I love the MyBB 1.8.4 release. Better late than never as they say.
Prior to version 1.8.4, MyBB had been susceptible to encryption brute-force attacks. Someone with access to the database could reverse the encryption to find a user's password with little computational power. From there, the “hacker” could possibly use the info to access email accounts and other accounts that share the same password.
There are ways to protect earlier versions of MyBB, such as:
- Moving the admin folder to a different directory
- Creating an IP white list
- Making a unique and strong password
- Updating with security fixes
Along with the above methods to protect MyBB prior to 1.8.4, two-factor authentication makes it even more difficult for a hacker to compromise your admin control panel.
No CAPTCHA reCAPTCHA
The reCAPTCHA update is reason #2 why I love the new 1.8.4 release. I’ve had numerous MyBB forums filled with spam bots and posts. ThemeFreak, at one point in time, had a high rate of spam posts until we implemented a couple extra anti-spam security measures. I’m sure reCAPTCHA will be exploited eventually (with time), but in the meantime let’s enjoy what we have – while we have it.
According to Google:
reCAPTCHA is a free service to protect your website from spam and abuse. reCAPTCHA uses an advanced risk analysis engine and adaptive CAPTCHAs to keep automated software from engaging in abusive activities on your site. It does this while letting your valid users pass through with ease.
reCAPTCHA offers more than just spam protection. Every time our CAPTCHAs are solved, that human effort helps digitize text, annotate images, and build machine learning datasets. This in turn helps preserve books, improve maps, and solve hard AI problems.
You can read all about reCAPTCHA, in detail, here.
I’ll be testing the 1.8.4 release along with updating themes to the most recent version and I’ll report any interesting things in another post.