Snitz Forums 2000
 Tips on hack recovery

Dan Martin
Average Member

USA
528 Posts

Posted - 11 May 2002 :  19:43:55
I thought I'd share what I did to recover from my recent hack, besides the obvious two - install all the security fixes, and recover any backups you have.

First thing I've done is remove all admins, including myself. When I need to administrate, I bump my level back up to 3, and turn it off as soon as I'm done. If anyone hacks me in the future, they won't have level 3 access.

Second, I wrote a quick and dirty script using some of the code from the Random Password MOD. This script sets everyone's password to a random string. I then required my members to all use the "Forgot my Password" link. Harsh, but necessary in my opinion.

Here's that script:

<%
'// Connection string: copy the one from your own config.asp.
set my_Conn = Server.CreateObject("ADODB.Connection")
strConnString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("mydb.mdb") '## MS Access 2000 using virtual path
my_Conn.Open strConnString

memberListSQL = "Select MEMBER_ID from forum_members"
Set memberList = Server.CreateObject("ADODB.Recordset")
memberList.open memberListSQL, my_Conn

'// Create an array of characters to choose from for the passwords.
'// If you would like to add uppercase letters or high ASCII characters,
'// simply add them to the array, just remember to modify intNumChars
'// variable to match number of characters in the array.
intNumChars = 35
pwArray = Array("a","b","c","d","e","f","g","h","i","j","k","l", _
"m","n","o","p","q","r","s","t","u","v","w","x", _
"y","z","1","2","3","4","5","6","7","8","9")

'// Number of characters per password. Adjust for a larger or smaller password.
intPwdLength = 12

'// Seed Rnd once, before the loop. Reseeding from the timer on every
'// iteration can hand consecutive members the same password. Rnd is a
'// plain pseudo-random generator, not a cryptographic one; these passwords
'// only need to hold until the member uses "Forgot my Password".
Randomize

Do while NOT memberList.EOF
    thisMemberID = memberList.fields("MEMBER_ID")

    '// Build the password by picking intPwdLength random entries from pwArray.
    '// Int(intNumChars * Rnd) returns 0 .. intNumChars-1, so every array entry
    '// can be chosen. (The MOD's original Int((intNumChars - 1) * Rnd + 1)
    '// never returned 0, so pwArray(0) was never used.)
    strPassword = ""
    For i = 1 To intPwdLength
        strPassword = strPassword & pwArray(Int(intNumChars * Rnd))
    Next

    '// MEMBER_ID comes from the database and the password from our own array,
    '// so no user-supplied text reaches this query.
    updateSql = "UPDATE FORUM_MEMBERS SET M_PASSWORD = '" & strPassword & "' WHERE MEMBER_ID = " & thisMemberID
    my_Conn.execute(updateSql)
    memberList.moveNext
Loop

memberList.Close
Set memberList = Nothing
my_Conn.Close
Set my_Conn = Nothing
Response.Write("Finished")
%>


You will need to grab the connection string from your config.asp. Save that code to an ASP page, and only visit the page once.

-Dan
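As an added illustration (not part of Dan's post or the Snitz code base): the Random Password MOD formula `Int((intNumChars - 1) * Rnd + 1)` can never return index 0, so one character of the alphabet is silently dropped from every password. The Python below checks both index formulas over the same 35-character alphabet and performs the same mass reset against a constructed in-memory SQLite stand-in for the Access `FORUM_MEMBERS` table, drawing characters from the `secrets` CSPRNG and using a parameterised UPDATE. Function names and the sample rows are my own.

```python
import secrets
import sqlite3
from typing import Callable, Set

# Same 35-character alphabet as the forum script: a-z and 1-9 (no "0").
ALPHABET = "abcdefghijklmnopqrstuvwxyz123456789"

def mod_index(rnd: float, n: int) -> int:
    """The MOD's formula Int((n - 1) * Rnd + 1); Rnd is in [0, 1)."""
    return int((n - 1) * rnd + 1)

def fixed_index(rnd: float, n: int) -> int:
    """Corrected formula Int(n * Rnd): every index 0 .. n-1 is reachable."""
    return int(n * rnd)

def reachable_indices(formula: Callable[[float, int], int], n: int, steps: int = 100_000) -> Set[int]:
    """Sweep Rnd across [0, 1) and collect every index the formula can produce."""
    return {formula(i / steps, n) for i in range(steps)}

def random_password(length: int = 12) -> str:
    """Draw each character with the secrets CSPRNG rather than a timer-seeded Rnd."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def reset_all_passwords(conn: sqlite3.Connection, length: int = 12) -> int:
    """Give every member a fresh random password (parameterised UPDATE); returns the count."""
    ids = [row[0] for row in conn.execute("SELECT MEMBER_ID FROM FORUM_MEMBERS")]
    for member_id in ids:
        conn.execute("UPDATE FORUM_MEMBERS SET M_PASSWORD = ? WHERE MEMBER_ID = ?",
                     (random_password(length), member_id))
    conn.commit()
    return len(ids)

def demo_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the Access FORUM_MEMBERS table, with three members."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE FORUM_MEMBERS (MEMBER_ID INTEGER PRIMARY KEY, M_NAME TEXT, M_PASSWORD TEXT)")
    conn.executemany("INSERT INTO FORUM_MEMBERS VALUES (?, ?, ?)",
                     [(1, "admin", "old1"), (2, "alice", "old2"), (3, "bob", "old3")])
    conn.commit()
    return conn

if __name__ == "__main__":
    print("MOD formula reaches indices:", sorted(reachable_indices(mod_index, 35)))
    print("fixed formula reaches indices:", sorted(reachable_indices(fixed_index, 35)))
    print(reset_all_passwords(demo_db()), "member passwords replaced")
```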

El Matador
Junior Member

192 Posts

Posted - 12 May 2002 :  13:09:47
Since all the hacks seem to have taken place through hackers gaining administrator status, your suggestion of changing the Admin level from 3 to 1 makes total sense.

I would like to see more opinions about this from the Snitz Forum Dev team or Help Moderators, just to find out whether the above is indeed a viable solution to prevent hacking.

Thanks to all.


kimari
Starting Member

Spain
32 Posts

Posted - 12 May 2002 :  13:51:16
My two forums have also been hacked. Your idea of clearing level 3 from the Admin account is good. I have also added a second password to all the admin files, using a server variable:

http://forum.snitz.com/forum/topic.asp?TOPIC_ID=27911


Does the solution with the members bug fix fix the problem of hackers getting access to the admin password?

Help please
Sorry for my English, I'm Spanish
Regards
Kimari


ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 12 May 2002 :  13:58:25
Yes, just apply all the security bug fixes and your hackers will be kept away.

-------------------------------------------------
Installation Guide | Do's and Dont's | MODs

kimari
Starting Member

Spain
32 Posts

Posted - 12 May 2002 :  14:38:20
I modified in my forum:
New bug-fix - pop_printer_friendly.asp(v3.3.x)
and
New Security related bug-fix - members.asp(v3.3.x)
and
I added the ReplaceImageTags function

Is this correct,
or do I need more fixes?

Thanks


ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 12 May 2002 :  15:40:23
The 2nd post in this thread has links to the relevant bug fixes. Have a look, although the three you have applied are there also.

-------------------------------------------------
Installation Guide | Do's and Dont's | MODs

ckingkeys
Starting Member

USA
4 Posts

Posted - 12 May 2002 :  16:21:28
I have also been hacked, and because I haven't had the discussion board up long, feel like a real newbie. First of all, I wanted to go in and fix up the damage, but can't seem to log in. When I put in Admin and my password, I get that it is incorrect. I have downloaded the security fixes, but want to make sure that I don't lose the messages that have been posted and my member list. What steps should I follow? Thanks for your help.
Chris King

Snitz Forums 2000 © 2000-2021 Snitz™ Communications
Powered By: Snitz Forums 2000 Version 3.4.07