| Author |
 Topic  |
|
|
jon123456
Starting Member
United Kingdom
8 Posts |
 Posted - 03 March 2007 : 15:46:23
|
Help!!
I am afraid my forum has been compromised as I can not login as the webmaster with my password.
I have ftp access to the access database on my ISP host's server, so is there any way I can do a reset?
I am running version 3.0.4.3 and it does not have a password reset feature...
Please help! |
|
|
HuwR
Forum Admin
United Kingdom
20600 Posts |
Posted - 03 March 2007 : 15:51:36
|
first thing you need todo is register on the forum with a new username/password, then download your db and take your forum offline.
You can then make this new member an admin by changing the M_LEVEL value to 3 in the FORUM_MEMBERS table, and then delete any other users in the database that have an M_LEVEL of 3.
You should also either upgrade to the current version, or install all security updates and bug fixes from our bug forums
|
 |
|
|
jon123456
Starting Member
United Kingdom
8 Posts |
Posted - 03 March 2007 : 15:54:30
|
| Nice one - I'll give it a go now... |
|
|
|
jon123456
Starting Member
United Kingdom
8 Posts |
Posted - 03 March 2007 : 15:58:21
|
OK - we have definately been hacked as new member registration has been disabled....can someone tell me which table I need to edit to turn this back on please?
@?~!$  |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
jon123456
Starting Member
United Kingdom
8 Posts |
Posted - 03 March 2007 : 16:28:22
|
OMG 
Right...the password reset script linked above worked.
I rest webmaster login and found a recent member with a .ru email (russia) that was an administrator  . In addition, the forum had been set to disallow new members to register 
I am not a happy chap
Thanks to all for your help in getting me back on. Is this a security flaw with Access or just all of Snitz |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
jon123456
Starting Member
United Kingdom
8 Posts |
Posted - 03 March 2007 : 18:46:01
|
OK.
I've just spent the last hour plus searching this site. Clearly, being on version 3.4.0.3 is not helping when I should be on 3.4.0.6!
I'd rather not bin my existing install as it is heavily MOD'd. However, I can only find the upgrade files for 3.4.0.5 -> 3.4.0.6.
Can anyone provide some advice on a way forward? I think the main mod I have is the Poll MOD - is this a standard feature of 3.4.0.6?
TIA
Jon
|
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 03 March 2007 : 18:53:05
|
No, the poll mod is not present in our 3.4.06 version. Also, almost all files changed from 3.4.03 to 3.4.06.
Regarding security, though, you can just apply all security fixes posted since 3.4.03 came out. Also, you should subscribe to posts in the Announcements: Security Fixes forum. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
| |
Topic |
|
Topic Locked
