Snitz Forums 2000 - Hacker has taken over

Snitz Forums 2000

Username:	Password:
Save Password
Forgot your Password?

All Forums

Help Groups for Snitz Forums 2000 Users

Help: General / Previous versions

Hacker has taken over

New Topic

Topic Locked

Printer Friendly

Author

Topic

svickrey
Starting Member

USA
43 Posts

Posted - 15 November 2005 : 22:20:47

Someone has gained access to my DB that the forum uses.
I assume this because they are making bulk changes to the DB.
Also they have made themself an admin and changed my original admin password. They are changing everything they can in the admin page.
They even hinted to me about a vulnerability in snitz via a post.

What can I do?
Please can anyone give me more information.

~ PhraseWorks ~
a phrase generator and manager for adwords

dabugster
Junior Member

USA
168 Posts

Posted - 15 November 2005 : 23:05:07

I would shut the forum down and rename the db before he deletes it all together.
Do you have a recent back up of the db?

svickrey
Starting Member

USA
43 Posts

Posted - 15 November 2005 : 23:26:23

Yes, I got a fresh copy before he made the changes.
This is really unfortunate because I had a very large user group and the forum was very active.
Curious thing is thew person made changes that can easily be undone via a few sql statements.
I'm half expecting to recieve a set of demands! Is there a vunerability in snitz that a knowing person could discover the DB name and password? If so, is there a patch? As for renameing the DB, I can't only the host can and I'm still waiting for them to get around to it. Man, what a day I've had.

~ PhraseWorks ~
a phrase generator and manager for adwords

Davio
Development Team Member

Jamaica
12217 Posts

Posted - 15 November 2005 : 23:35:20

The 3.4.05 version is the latest version of the Snitz Forums. There is only 1 known security vulnerability in this version. http://forum.snitz.com/forum/forum.asp?FORUM_ID=118

All security vulnerabilites in past versions have been fixed in the latest version.
Is your forum running the latest version?
If not, have you applied all the security patches to your forum?

Past security announcements are found here: http://forum.snitz.com/forum/forum.asp?ARCHIVE=true&FORUM_ID=118

Support Snitz Forums

svickrey
Starting Member

USA
43 Posts

Posted - 15 November 2005 : 23:58:17

I'm running 3.4.04 Thanks for the info. Will I be able to simply snap my .04 DB into the .05?

~ PhraseWorks ~
a phrase generator and manager for adwords

Davio
Development Team Member

Jamaica
12217 Posts

Posted - 16 November 2005 : 01:28:58

When upgrading, you will need to update your forum files and then go to setup.asp. This will update your database, if there are nay changes to be made.

You can download only the changed files since version 3.4.04 http://forum.snitz.com/specs.asp and overwrite your existing files. If you have made any modifications to your files you will need to add them back afterwards.

Support Snitz Forums

Nertz
Junior Member

Canada
341 Posts

Posted - 16 November 2005 : 08:37:51

Scott, I'm a member on your forum and you actually appear to be running 3.4.03 and not 3.4.04 (when hovering mouse over snitz logo in bottom right of page). You may have two updates to apply.

Are you running Access as DB? If so, have you checked if your database is accessible/downloadable (it shouldn't be...)?

Good luck....

cheers,
Nat

Sadly, most Family Court Judges wrongfully reward opportunistic gold diggers
that use our children unjustly as "instruments" of power.

www.fathers-4-justice-canada.ca

svickrey
Starting Member

USA
43 Posts

Posted - 19 November 2005 : 12:49:14

Craziest twist, The guy actually fixed everything and left the site.
Do I use Access?
No. I use MySQL

As for the logo showing I'm running 3.4.03
I uploaded the .05 files to the server and they are running, I think.
I don't know how to tell if the upgrade "took". I do know this didn't slow my hacker down not even a little. Fortunately he had some sympathy for me and my members.

Edit- I have figured out how to activate the upgrade and my logo now says 3.4.05

Edited by - svickrey on 19 November 2005 12:55:51

Podge
Support Moderator

Ireland
3775 Posts

Posted - 19 November 2005 : 13:34:46

I suggest that you search the member table in the db for all members who are admins and delete those which shouldn't be there.
Then have all admins change their passwords.

Podge.

The Hunger Site - Click to donate free food | My Blog | Snitz 3.4.05 AutoInstall (Beta!)

My Mods: CAPTCHA Mod | GateKeeper Mod
Tutorial: Enable subscriptions on your board

Warning: The post above or below may contain nuts.

Nertz
Junior Member

Canada
341 Posts

Posted - 19 November 2005 : 15:21:12

quote:
Originally posted by svickrey

Craziest twist, The guy actually fixed everything and left the site.

Glad to see your site is back to normal.... Noticed you tightened security as well by requiring registration for access.

cheers,
Nat

Sadly, most Family Court Judges wrongfully reward opportunistic gold diggers
that use our children unjustly as "instruments" of power.

www.fathers-4-justice-canada.ca

RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 30 November 2005 : 20:51:21

quote:
Originally posted by Podge

I suggest that you search the member table in the db for all members who are admins and delete those which shouldn't be there.
Then have all admins change their passwords.

you can use the admin_members.asp page (Admin/Moderator List option in the Admin Options) to see who the current Admin/Moderator level users are on your forum.

KC
Junior Member

USA
152 Posts

Posted - 07 December 2005 : 16:12:43

Read this topic (my last post)
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=57686

It will end any possiblity of staff hacking.

Owner of vales.com and Elite Computers.

Topic

New Topic

Topic Locked

Printer Friendly

Jump To:

Snitz Forums 2000

This page was generated in 0.13 seconds.