visit this forum and make sure that you apply the fixes posted there:
http://forum.snitz.com/forum/forum.asp?FORUM_ID=118
After the fixes have been made, if all of your data was deleted and you don't have a backup, you can just start with a fresh database file, unless you had added any tables/fields to it. The hacker probably changed the password of the Admin Account, so if you don't know it, you can use the following code and paste it into a file named something like: dbs_resetadminpwd.asp
Reset Admin Password
[UPDATE]
MEMBERS
M_PASSWORD#'admin'#MEMBER_ID = 1
[END]
(you should change the admin in the code able to what you want the password to be)
then just save the file and upload it to your site.
Next, since you don't know the Admin password, you'll need to edit the admin_mod_dbsetup.asp file so that you can run it without being logged in.
Open the file and change this line:
<% If Session(strCookieURL & "Approval") = "15916941253" Then %>
to this:
<% If Session(strCookieURL & "Approval") <> "15916941253" Then %>
Then save the file and upload it to your site.
Now, just access the admin_mod_dbsetup.asp file from your browser, choose the Reset Admin Password option from the dropdown box and then submit it. After you have done that, change the line of code in the admin_mod_dbsetup.asp file back to the way it was and re-upload it to your site. (you should also delete the dbs_resetadminpwd.asp file as well)
You should now be able to login as the Admin and adjust all of your settings. You'll need to inform all of your users about the forum being hacked and tell them all to change their passwords.
Any data deleted is unrecoverable without a backup of that data.
If you did have a backup, then you can just apply the bugfixes and then use the backup database on your site.
Topic Locked
Posted - 10 May 2002 : 18:49:07
