Splinter
Starting Member
USA
20 Posts
Posted - 29 July 2002 : 17:13:33
Well, it looks like a guy named "Hak" hit again. He hit my personal forum (www.story.com/splinter/forums/defauls.asp) sometime yesterday and edited my page...and killed all of my groups.
I was able to restore the layout, but the groups were not recoverable, even after I inspected the .mdb file the best that I could and saw that things were OK there. I even physically moved the file and changed the config.asp to reflect the change...no luck at all.
Has anyone else here been affected by this *^*&^%*&? And, if so, how did he change your layout?
Finally...is there any way to secure the pages from being modified unless the IP of the admin matches? Example: If the IP is 123.123.123.* for the admin or other account that is also admin level and someone tried 123.123.255.*, the verification fails and the hacker is stopped (and the attempt logged and delivered to the right admin's email?) Or, if someone is lucky enough to have a static IP/dedicated connection, then, the .* can be changed to the actual class C assignment, can that be done (or, better yet, a limited range with edits being emailed to the actual admin for verification?)
Thanks!!
<<<Splinter>>>
[moved by bozden on 03 October 2002]
Edited by - Deleted on 03 October 2002 20:29:23

ruirib
Snitz Forums Admin
Portugal
26364 Posts
Posted - 29 July 2002 : 17:30:12
Do you have 3.3.05 installed or added the security fixes to your forum?

Roland
Advanced Member
Netherlands
9335 Posts

Nikkol
Forum Moderator
USA
6907 Posts
Posted - 29 July 2002 : 18:49:55
By "groups", do you mean categories and forums?
When you opened your database, you saw all of the forums there? There is only one category and one forum showing right now. And only 5 members.
What data did you see in the database exactly when you opened it?
Nikkol

Splinter
Starting Member
USA
20 Posts
Posted - 29 July 2002 : 22:48:50
quote:
By "groups", do you mean categories and forums?
In this case, it meant everything...
quote:
When you opened your database, you saw all of the forums there? There is only one category and one forum showing right now. And only 5 members.
The membership count is correct.
As I don't have MS Access on my machine (it's on the server that's in another state), I had to try to read the non machine part and everything appeared to be there, but, the forum's ASP wasn't reading it right :( I don't mind the rebuild (there were only about 50 messages total) and I hope that my users don't mind, either...
quote:
What data did you see in the database exactly when you opened it?
What I saw when I could decipher the items was various messages and the forums/cats that were there before the hacker.
<<<Splinter>>>

ruirib
Snitz Forums Admin
Portugal
26364 Posts
Posted - 29 July 2002 : 22:55:37
So you had been hacked before. Did you change your admin password after that? Also do you have any other admins, and did you change their passwords also?
Anyway, this won't be of much use now, but you should download your database file periodically and keep that copy up to date so that you lose a minimal amount of info (none, if possible) in case this happens.

Splinter
Starting Member
USA
20 Posts
Posted - 29 July 2002 : 22:59:46
quote:
The URL you posted is incorrect. This should be it: http://www.story.com/splinter/forum/default.asp
My bad...I run another Snitz forum with /forums/ in the URL...that one was fine.
quote:
You're using 3.3.05 so with the exception of one security fix, all should be secure. Also, you seem to have changed the admin password and the database is not in the root, or at least not under the name "snitz_forums_2000.mdb", so that shouldn't be the problem.
What's the "missing" security fix and is it included in Ver. 4.xx?
quote:
What exactly was changed on your forum?
The top and bottom headers had "Hak Hacker" in large type and the logo in the upper left was redirected to some site in Turkey with a guy in clown makeup on one side and some other guy, which I wonder if it is the actual person responsible. Also, he wiped out all of the categories, forums, and messages.
I was able to restore the layout to where I had it before, but, the database seems to have been wiped out. I'm going to have to back it up every week or so...
<<<Splinter>>>

ruirib
Snitz Forums Admin
Portugal
26364 Posts

Splinter
Starting Member
USA
20 Posts
Posted - 29 July 2002 : 23:06:34
quote:
So you had been hacked before. Did you change your admin password after that? Also do you have any other admins, and did you change their passwords also?
Sorry for any misconceptions, but, this was the first time that I've been hacked and the damage was limited to the forum section, fortunately. I'd've been pi**ed if my main site had been hacked as well.
I immediately changed my password to something less likely to be guessed and since I'm the only "admin", that was the only one that needed to be changed (other than the non-removable "admin" account, which I'd like to remove.)
quote:
Anyway, this won't be of much use now, but you should download your database file periodically and keep that copy up to date so that you lose a minimal amount of info (none, if possible) in case this happens.
That's in the plans, now. Also, I can create a backup on the main server in case I lose the "local" backup in a HD crash here at home.
<<<Splinter>>>

Splinter
Starting Member
USA
20 Posts
Posted - 29 July 2002 : 23:08:59
quote:
So you had been hacked before. Did you change your admin password after that? Also do you have any other admins, and did you change their passwords also?
Sorry for any misconceptions, but, this was the first time that I've been hacked and the damage was limited to the forum section, fortunately. I'd've been pi**ed if my main site had been hacked as well.
Clarification...I had recalled that someone said that their forum had been hacked by this "Hak".
<<<Splinter>>>

ruirib
Snitz Forums Admin
Portugal
26364 Posts
Posted - 29 July 2002 : 23:11:26
Sorry, reading your post made me think it wasn't the first time. Do you have any ideas on how he did it? That would be important for us to know. Maybe your password was easy to guess, was that it?

Splinter
Starting Member
USA
20 Posts
Posted - 30 July 2002 : 01:44:13
quote:
Sorry, reading your post made me think it wasn't the first time. Do you have any ideas on how he did it? That would be important for us to know. Maybe your password was easy to guess, was that it?
That is the only logical conclusion that I've come up with since discovering the changes. I know that the person did not get access through FTP since nothing else was damaged on my website.
I decided to do a complete re-install, except for the database, anyway, just to make sure that things are going back to normal.
<<<Splinter>>>

ruirib
Snitz Forums Admin
Portugal
26364 Posts
Posted - 30 July 2002 : 04:32:48
Did you have a look at your site's log files? Maybe that could allow you to find how he did it...
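
An added example (not from any poster and not Snitz code) combining two ideas from the thread: Splinter's admin IP range check and ruirib's suggestion to review the site logs. It assumes IIS W3C extended logs with a `#Fields:` header; the `admin_` file-name prefix, the page names and the log lines are constructed for illustration.

```python
import ipaddress

# Assumption: the admin range from the first post, 123.123.123.*, written as a /24.
ADMIN_NETS = [ipaddress.ip_network("123.123.123.0/24")]
# Assumption: admin pages are recognised by this hypothetical file-name prefix.
ADMIN_PREFIX = "admin_"

def ip_allowed(addr, nets=ADMIN_NETS):
    """True if addr parses as an IP address inside one of the allowed networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparseable address: fail closed
    return any(ip in net for net in nets)

def is_admin_page(uri_stem):
    """True if the file name at the end of the URI carries the admin prefix."""
    return uri_stem.rsplit("/", 1)[-1].lower().startswith(ADMIN_PREFIX)

def outside_admin_hits(log_lines):
    """Return log rows for admin pages requested from IPs outside the allow-list."""
    fields, hits = [], []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if is_admin_page(row.get("cs-uri-stem", "")) and not ip_allowed(row.get("c-ip", "")):
            hits.append(row)
    return hits

# Constructed sample in IIS W3C extended format (not taken from the thread).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2002-07-28 14:02:11 123.123.123.45 POST /forum/admin_example.asp 200
2002-07-28 21:40:03 123.123.255.9 POST /forum/admin_example.asp 200
2002-07-28 21:41:17 123.123.255.9 GET /forum/default.asp 200
2002-07-28 21:44:52 123.123.255.9 POST /forum/admin_example2.asp 302
""".splitlines()

if __name__ == "__main__":
    for hit in outside_admin_hits(SAMPLE_LOG):
        print(hit["date"], hit["time"], hit["c-ip"], hit["cs-method"], hit["cs-uri-stem"])
```

The same `ip_allowed` test is what a server-side check on each admin page would apply to the client address before serving it, alongside the admin password rather than in place of it.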