| Author |
 Topic  |
|
HooH
Starting Member
37 Posts |
 Posted - 10 December 2002 : 12:41:23
|
Hi
My page has just been hacked again.
I use Snitz Forums 2000 Version 3.4.03
I have checked the server log, at seems like the guy changed something in the cookie and logged on as a moderator and then deleted a whole topic.
It seems like he uses the same SessionID but he changes the username -
How can I prevent this to happen again?
Anyone got any suggestions?
/HooH |
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 10 December 2002 : 12:52:54
|
| Why do you say he changed something in the cookie? The member level is maintained in the database so there is no way he may have changed any info related to him. What may have happened is that the last time he hacked your forum (this is a presumption based on your statement about being hacked again) he got the access data for a moderator and he is using it now. Did you change all admin and mods passwords after you were hacked the first time? |
Snitz 3.4 Readme | Like the support? Support Snitz too |
 |
|
|
HooH
Starting Member
37 Posts |
Posted - 10 December 2002 : 13:01:33
|
The hacker logged on as a moderator that wasnt even a member the last time we got hacked.
|
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 10 December 2002 : 13:15:12
|
Yes, but did you change the passwords for admins and mods? Otherwise how would he found out the moderator password?
Also do you have the IP used by him? Can you post it here? |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
|
HooH
Starting Member
37 Posts |
Posted - 10 December 2002 : 15:53:07
|
we changed all the passwords for admin and mods.
His IP is 80.198.244.180 |
|
|
|
HooH
Starting Member
37 Posts |
Posted - 10 December 2002 : 16:02:45
|
do u need anything else...
I can send u some lines of the serverlog, where he logs on.. if that helps |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 10 December 2002 : 16:48:27
|
quote:
Originally posted by HooH
do u need anything else...
I can send u some lines of the serverlog, where he logs on.. if that helps
Yeah, I would like that. Can you post a link to a file containing the logs only for this guy, or email me the file? |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
|
HooH
Starting Member
37 Posts |
Posted - 11 December 2002 : 04:16:44
|
I have sent you a mail containing the link to the logfile.
thnx for helping me out! |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
HooH
Starting Member
37 Posts |
Posted - 11 December 2002 : 09:32:44
|
thnx  |
|
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 11 December 2002 : 10:11:26
|
| HooH, I'm not sure your problem is similar to the one covered by that fix. Read the emails I've sent you, specially the last one regarding that specific moderator. Of course, you should apply the fix, nonetheless. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
Edited by - ruirib on 11 December 2002 10:12:07 |
|
|
|
HooH
Starting Member
37 Posts |
Posted - 11 December 2002 : 10:37:29
|
thnx - I have now fixed that problem. I hope that he will stay away now.
|
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
HooH
Starting Member
37 Posts |
Posted - 11 December 2002 : 10:42:44
|
| yes I have sent you a mail about it! |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
Topic |
|
Topic Locked
