| Author |
 Topic  |
|
ryan bancroft
Starting Member
United Kingdom
3 Posts |
 Posted - 19 May 2002 : 14:25:28
|
Hi Everyone...Having a bit of a problem. Looks like someone has signed onto my site using my password (dont know how they got it) but they have changed the password so i cant log on...
Does anyone know of anyway I could get back in to restore myself as ADMIN!?
 
Ryan Bancroft
bancroft@todmorden.co.uk |
|
|
Intrepidone
Average Member
Canada
515 Posts |
Posted - 19 May 2002 : 14:27:20
|
Download your database and open it, see what the new admin pw is 
Intrepidone |
 |
|
|
Roland
Advanced Member
Netherlands
9335 Posts |
Posted - 19 May 2002 : 14:37:37
|
or if you can't download the database but have the e-mail options turned on, you could use the "forgot your password" option. You'll just have to pray they didn't change the admin e-mail address.
http://www.frutzle.com
Snitz Exchange | Do's and Dont's |
|
|
|
ryan bancroft
Starting Member
United Kingdom
3 Posts |
Posted - 20 May 2002 : 11:34:32
|
Where do I go to 'forgot my password' ?
And thanks for the rapid response!!
Ryan Bancroft
bancroft@todmorden.co.uk |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
LC
New Member
Brazil
70 Posts |
Posted - 20 May 2002 : 11:59:19
|
How can stuff like this keep happening?
Where's the problem?
Is this a DB issue?
If so am I safe with my DB password protected and in the "secret" DB folder?
Or is this only a matter of cracking the admin's password?
LC
|
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 20 May 2002 : 12:03:12
|
quote:
It's usually located below the login button.
Only if your email options are on and working.
«------------------------------------------------------»
Want to know when the next version comes out,
as soon as possible? Join our Mailing Lists ! |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 20 May 2002 : 12:09:03
|
quote:
How can stuff like this keep happening?
Where's the problem?
Is this a DB issue?
If so am I safe with my DB password protected and in the "secret" DB folder?
Or is this only a matter of cracking the admin's password?
You'll never be totally protected, obviously. And if someone does crack your password they'll do whatever they please...
Anyway the best way to have the DB protected is to place in a folder that cannot be reached from the Web, above or at the same level of your root Web folder. Password protecting your DB can only delay a less experienced hacker. A google search will give you several links to Access DB password crackers, which in practice means using a password DB adds very little protection to your DB.
Security is a relative thing in the Internet. If someone hacks your Web server, assuming total server control (which is known to happen rather frequently, they can have whatever they want, including your DB. You just need to hope MS keeps ahead of the hackers or, that being unlikely to occur everytime, you need to hope that a fix for problems yet to be found comes out before any hacker gets to your server.
Other things to do: keep and eye on security fixes here, choose long admin passwords with letters, digits and other chars. That will make them harder to break/guess...
-------------------------------------------------
Installation Guide | Do's and Dont's | MODs |
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 20 May 2002 : 12:36:41
|
ruirib, if I was new here and trying out these forums, your post would have detered me from using this any at all. You gave me no confidence or re-assurance at all that my forum can be totally protected and that it's pretty easy for someone to gain access to my forum passwords who is determined to.
Snitz Forums has been a pretty reliable software since it started out. With few security problems. But I guess that's because no one really sat down and looked to see if there was any security vunerabilites in the code.
But taking the steps as you mentioned in your post, putting the database in a folder outside of your public folder, using letters and numbers in your passwords for your forum, and having the latest security fixes here, I would say you are pretty safe and have nothing to worry about in terms of security, unless a new vunerability is found in the code. But in light of our recent security breeches I am sure they will all be plugged up.
Also making sure you don't just make anyone an admin on your forum, that you don't give out your admin passwords to other users, are other steps you can take.
Making your forum secure is a different thing from your server being secure. You have to hope that your server admins have applied all patches to thier servers and taken security precautions to protect thier customers data.
ruirib, you have been a big help here at the forums, and users listen to what you have to say. You're not just a normal user around here anymore. So just keep that in mind.
«------------------------------------------------------»
Want to know when the next version comes out,
as soon as possible? Join our Mailing Lists ! |
|
|
|
LC
New Member
Brazil
70 Posts |
Posted - 20 May 2002 : 13:08:55
|
quote:
ruirib, if I was new here and trying out these forums, your post would have detered me from using this any at all. You gave me no confidence or re-assurance at all that my forum can be totally protected and that it's pretty easy for someone to gain access to my forum passwords who is determined to.
The higher the member's rank the greater should be our confidence that he is telling things like they are, and not acting like an used car's sales man.
Are there security issues on the net? That's not even a question and people should be aware of that.
Hackers prey on those naive enough to believe that this, or any other app for that matter, is flawless.
ruirib is telling things like they are, and his approach to this subject is making everyone's a favor.
I don't think I can say the same about those who don't take the security holes seriously. And judging by the number of hacker attacks reports all over this Forum I'm pretty sure you'll agree with me.
LC
|
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 20 May 2002 : 13:11:26
|
Davio,
I'm a bit disappointed with this post of yours. If you read my message you'll se that I by no means refer to any specific vulnerability in Snitz that makes it more prone to hacking than any other forum, or any other password protected web app, for that matter.
Hey I love Snitz, I enjoy these forums a lot and I have spent quite a bit of time hanging around here and helping on what I can and have knowlegde to do it.
I did by no means said that there was any specific vulnerability in Snitz. But I also think that saying what I feel is the truth is always better than pretending things are what they are not.
Having a web server 'out in the Internet' makes it prone to hack attacks, no matter how hard you try to secure it, whether that server is running Snitz or any other Web app. Why should you not recognize that?
Do I think that running Snitz is safe? Yes, I have a public forum running Snitz, so I think I'm safe for now, and I see no reason not to run Snitz. The effort being put to sort the security problems with Snitz seems as good a effort as I've seen and that's good enough for me.
Do I think that users need to be aware of the potential risks and do their best to protect their forums and data? Yes (thus my post).
Do I think that Web servers (especially Microsoft's) are secure? Well I run a web site using IIS, and I think they are improving their security standards.
Do I think their servers, or anynone else's for that matter are completely safe? No I don't. Given the outcry around security I think they are safe enough for me to have data I would not like to see disclosed on my site, in several Access DBs.
So Davio, somehow I fail to see the reason for your post. I believe that when you are dealing with people's data out there it make's no sense to pretend there is no risk. Let the user's know what are the risks and advantages and let them decide by themselves, that's how I see it.
quote:
ruirib, if I was new here and trying out these forums, your post would have detered me from using this any at all. You gave me no confidence or re-assurance at all that my forum can be totally protected and that it's pretty easy for someone to gain access to my forum passwords who is determined to.
Snitz Forums has been a pretty reliable software since it started out. With few security problems. But I guess that's because no one really sat down and looked to see if there was any security vunerabilites in the code.
But taking the steps as you mentioned in your post, putting the database in a folder outside of your public folder, using letters and numbers in your passwords for your forum, and having the latest security fixes here, I would say you are pretty safe and have nothing to worry about in terms of security, unless a new vunerability is found in the code. But in light of our recent security breeches I am sure they will all be plugged up.
Also making sure you don't just make anyone an admin on your forum, that you don't give out your admin passwords to other users, are other steps you can take.
Making your forum secure is a different thing from your server being secure. You have to hope that your server admins have applied all patches to thier servers and taken security precautions to protect thier customers data.
ruirib, you have been a big help here at the forums, and users listen to what you have to say. You're not just a normal user around here anymore. So just keep that in mind.
«------------------------------------------------------»
Want to know when the next version comes out,
as soon as possible? Join our Mailing Lists !
-------------------------------------------------
Installation Guide | Do's and Dont's | MODs
Edited by - ruirib on 20 May 2002 13:14:09 |
|
|
|
alex042
Average Member
USA
631 Posts |
Posted - 20 May 2002 : 13:18:35
|
quote:
if I was new here and trying out these forums, your post would have detered me from using this any at all. You gave me no confidence or re-assurance at all that my forum can be totally protected and that it's pretty easy for someone to gain access to my forum passwords who is determined to.
I took the post as a general security bulletin, not specific to Snitz and I happen to agree with him. If a hacker is good enough and determined enough, they can do quite a bit including obtain passwords, but the question is, why would they want to hack someone's site in particular? Don't give the hacker a motive and hopefully they won't be interested. All someone can do is try to keep up with security updates and if someone does crack it, be prepared and have a backup. There's a risk associated to nearly everything, including a website and it's data regardless of the platform or what's running on it.
|
|
|
|
ryan bancroft
Starting Member
United Kingdom
3 Posts |
Posted - 20 May 2002 : 17:31:01
|
On my site there isn't a fogotten password button..
Can someone lead me in the right direction?
Where can I downlaod the database?
Ryan
Ryan Bancroft
bancroft@todmorden.co.uk |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 20 May 2002 : 17:47:31
|
How did you put the database at your site? Just use the same process. You uploaded it using FTP, download it using FTP...
-------------------------------------------------
Installation Guide | Do's and Dont's | MODs |
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 20 May 2002 : 18:22:04
|
ruirib, I did indeed read your message, that's why I replied to it.
I wasn't reffering to IIS security or the security of the webserver. Nor was I saying you posted some vunerability.
My whole point of my post was to say that, sure let the users know about the security of thier forum, sure let them know the steps to take to secure thier database and thier forum. But also give them some confidence that the forums they are downloading is pretty safe and that if some hacker comes along they won't easily just get thier admin password and take down thier forum. That's the part I didn't get from your post. If I didn't believe the forums was safe myself I wouldn't be telling people that and wouldn't be using it myself. So please don't consider yourself a car salesman as someone else mentioned.
LC: Cars salesmen will lie just to get you to buy a car. I don't think anyone of us are lieing here. I am not here to sell any product. I gain nothing if a user decides to use this forum or not. And if I didn't believe in this software I wouldn't be spending hours working on it and helping users. And I don't think ruirib would be here if he thought this forum wasn't worth his time and effort.
So the bottom line is, I just thought you could have encouraged the user about the security of his forum, despite the odds that anything on the internet is not totally secure. At least, that is the interpretation I got from your post. If I mis-interpreted it, forgive me.
«------------------------------------------------------»
Want to know when the next version comes out,
as soon as possible? Join our Mailing Lists ! |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 20 May 2002 : 18:53:15
|
Davio, I'm not offended by your post, there is no need to apologize. The thing that I didn't like much in it was an implicit, even if remote, notion that I was downgrading Snitz's security and I wasn't doing it.
I thing Snitz's security now, is as good as it gets. The potential weak points I was referring to will be found in any password based authentication system, used for a forum or a site. I do think the likelihood of a 'password break' is low. And yes I do agree with you that if you choose to implement a few security precautions, like following the rules I posted about passwords and having your DB file in a secure folder, and as you said not giving someone you cannot trust admin or moderator rights, Snitz is pretty darn secure. Secure enough, as I said, for me to be running a Snitz forum.
And the security of the current version is good enough that it took me to upgrade my old 3.1SR4 forum to v. 4.0 Beta3Patch04.
You are absolutely right about me thinking this community and these forum software are worth the time and effort I put to it. And I think you guys from the Dev team have handled the recent security issues the way you should have, and that can only increase the user's trust in Snitz.
Snitz is just great and I'm proud to be a member. And I can't think of a greater encouragement than running my own forum using Snitz and being here when I can to help out. So let's move on and continue with our efforts to improve this software and keep this community as a great place to get help on Snitz forums and all other ASP (or non ASP) issues anyone can think of  .
-------------------------------------------------
Installation Guide | Do's and Dont's | MODs |
|
|
|
Topic |
|
Topic Locked
