| Author |
 Topic  |
|
|
clj
Junior Member
145 Posts |
 Posted - 20 December 2004 : 08:49:27
|
Hi everyone
Last night, all the topics in my forum were deleted. The archives remained intact, as did the 'Riding' area of the forum.
We do not know who did this, how or why.
We have looked at the IIS web logs at the time of the deletion and no-one accessed the admin_forums.asp page.
The SQL Server logs don't reveal anything nor do the server event logs.
Does anyone have any ideas how this might have happened or what we can check to track it down?
Do you think it's possible it was a database corruption?
Thanks
Clare
EDIT: Just to add, the topic/post counts were not reset to zero, they still read as high numbers (general had 892 topics I think). I performed 'update post counts' in the admin to get them correct. |
Edited by - clj on 18 July 2005 10:42:52 |
|
|
Jorrit787
Average Member
Netherlands
681 Posts |
Posted - 20 December 2004 : 08:56:21
|
| If the topic counts weren't updated it is likely that the topics were removed directly from the database... Sorry to hear this, I hope you have a backup you can restore. I suggest you make sure you change all your passwords before uploading again. |
eXtremeGossip  |
 |
|
|
HuwR
Forum Admin
United Kingdom
20584 Posts |
Posted - 20 December 2004 : 09:22:10
|
| As Jorrit stated, if the topic count was intact, then it was not done via the forum code, however I notie that you are running an older version of the forum code which does have some security issues, so they probably used some kind of SQL injection hack to delete your topics, you should re-check your IIS logs, but you are not looking for access to the admin pages, look for anything that looks like a suspicious query string |
|
|
|
clj
Junior Member
145 Posts |
Posted - 20 December 2004 : 09:38:04
|
Thanks for your replies
Could you give me any more info on SQL injection? Wouldn't they have to know the DB password to do that?
I'm looking in the IIS logs again but they are so huge the only feasible thing to do is search them, I've searched for the table names and 'delete' at about the time it happened but nothing's come up (just the delete icon) - what else can I search for?
Thanks!
Clare |
|
|
|
Podge
Support Moderator
Ireland
3775 Posts |
|
|
clj
Junior Member
145 Posts |
Posted - 20 December 2004 : 13:27:29
|
Thanks Podge
I've searched through for delete+ to no avail
I'm on SQL Server yes but I'm not too bothered about restoring the db, I just want to prevent it happening again!
I've installed all the bug fixes here http://forum.snitz.com/forum/topic.asp?TOPIC_ID=35210
Is there anything else I can do?
Thanks
Clare |
|
|
|
Podge
Support Moderator
Ireland
3775 Posts |
|
|
clj
Junior Member
145 Posts |
Posted - 22 December 2004 : 10:53:41
|
Thanks for helping Podge
I've recently got to the bottom of what happened - an admin gave out his password and unfortunately forgot to change it. Someone has now owned up to using his password and deleting all the topics.
Thanks for all your time and help. My forum is certainly more secure now anyway!!
Clare |
|
|
|
PeeWee.Inc
Senior Member
United Kingdom
1893 Posts |
Posted - 22 December 2004 : 11:50:48
|
| what did you do to the person/member who did this and the admin? |
De Priofundus Calmo Ad Te Damine |
|
|
|
D3mon
Senior Member
United Kingdom
1685 Posts |
|
|
PeeWee.Inc
Senior Member
United Kingdom
1893 Posts |
Posted - 22 December 2004 : 16:17:28
|
 |
De Priofundus Calmo Ad Te Damine |
|
|
|
Podge
Support Moderator
Ireland
3775 Posts |
|
|
PeeWee.Inc
Senior Member
United Kingdom
1893 Posts |
Posted - 22 December 2004 : 17:15:27
|
yeah, only yourself, a back-up account and someone you REALLY trust should be Admins. Loads of Mods, they cant really do alot of harm.  |
De Priofundus Calmo Ad Te Damine |
|
|
| |
Topic |
|
Topic Locked
