| Author |
 Topic  |
|
arrakis
Starting Member
8 Posts |
 Posted - 10 April 2007 : 03:00:47
|
Hello all, I'm running a Snitz Forum since 2-3 years (v3.4.03), never had problems since 2 days ago.
Suddenly I can't login anymore as admin (I did not change password or did anything on the admin/profile area).
If I put username and password on the /default.asp page, it says "wrong password", if I go to /admin_login.asp it says: "There has been a problem! You are not allowed access."
But I can login as normal user and people on the forum keep posting and answering normally.
Another problem is that on the header, where is "Home | Profile | Register | ... ", the "Register" link disappeared, if you are looged on or not, the link is missing.
I don't know what can be the problem, maybe the database got corrupted or there was some sql injection that messed up?
Any suggestion is appreciated, thanks in advance.
|
|
|
kolucoms6
Average Member
845 Posts |
Posted - 10 April 2007 : 03:04:40
|
| File overwrited by any chance ? |
 |
|
|
StephenD
Senior Member
Australia
1044 Posts |
Posted - 10 April 2007 : 03:31:46
|
If Access db, can you download the database and have a look in the FORUM_MEMBERS table under the M_LEVEL column for yourself and see if you have a value of 3 which is 'Admin'. While you are at it see if any other members have this same level who should not. Then have a look in your config.asp file and at the value for Const intAdminMemberID = ?
This number should be the same value as your MEMBER_ID from the FORUM_MEMBERS table assuming you are the Forum Admin.
For SQL db, connect with Query Analyser or SMSS and execute the following query:
SELECT M_NAME, M_LEVEL FROM FORUM_MEMBERS WHERE MEMBER_ID = <insert your member ID here> gives you your member level.
SELECT MEMBER_ID, M_NAME FROM FORUM_MEMBERS WHERE M_LEVEL = 3 gives you everyone who is Admin level.
|
Edited by - StephenD on 10 April 2007 03:32:19 |
|
|
|
arrakis
Starting Member
8 Posts |
Posted - 10 April 2007 : 03:55:19
|
quote:
Originally posted by kolucoms6
File overwrited by any chance ?
No operation was made on the site or admin section... that came out suddenly with no reason.. |
|
|
|
arrakis
Starting Member
8 Posts |
Posted - 10 April 2007 : 03:58:57
|
Thanks StephenD.
Yes it is an Access DB, but the main problem is that I don't have Access since I only use original software or open source, so since years I use Open Office ...
Do you know any free or open source software that allows me to open/save Access DB?
|
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 10 April 2007 : 04:20:37
|
TableEditor will allow you to browse your database online.
As Stephen suggested, it sounds to me like somebody got their hands on your administrative account and either changed your password or created a new account for themselves, promoted that account to administrator and demoted you. They have then turned off registration to prevent you from regaining access by registering a new account.
|
 Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.” |
|
|
|
arrakis
Starting Member
8 Posts |
Posted - 10 April 2007 : 04:38:07
|
| Thanks ruirib and Shaggy for the table editor! I'm using it right now on the web site and I'm cheking the DB, I'll let you know shortly! |
|
|
|
arrakis
Starting Member
8 Posts |
Posted - 10 April 2007 : 04:48:18
|
quote:
Originally posted by StephenD
If Access db, can you download the database and have a look in the FORUM_MEMBERS table under the M_LEVEL column for yourself and see if you have a value of 3 which is 'Admin'.
Yes, it is 3 on M_LEVEL on Admin account.
quote:
While you are at it see if any other members have this same level who should not.
YES!  I found a username with *.ru email with 3 at M_LEVEL!!! I'm erasing it right now!!!
I wonder how that happened!! 
quote:
Then have a look in your config.asp file and at the value for Const intAdminMemberID = ?
This number should be the same value as your MEMBER_ID from the FORUM_MEMBERS table assuming you are the Forum Admin.
It's 1! I wrote 3 now!
That means someone was able to enter on my site and rewrite files??
Sorry I got it wrong... Yes it is the same.
I'm still not allowed to login as admin, I guess my password was changed. How can I reset it? On the DB it's encoded. |
Edited by - arrakis on 10 April 2007 04:52:53 |
|
|
|
StephenD
Senior Member
Australia
1044 Posts |
Posted - 10 April 2007 : 04:58:49
|
| Can you do the Lost Password form on the login page? |
|
|
|
arrakis
Starting Member
8 Posts |
Posted - 10 April 2007 : 05:04:03
|
quote:
Originally posted by StephenD
Can you do the Lost Password form on the login page?
I have no Lost Password form  I'm checking in 2 different Snitz Forum that I have, but no luck finding it...
UPDATE: If I go to /password.asp it redirect me to default.asp |
Edited by - arrakis on 10 April 2007 05:06:57 |
|
|
|
StephenD
Senior Member
Australia
1044 Posts |
Posted - 10 April 2007 : 05:10:26
|
| Ok, copy an encoded password that you do know from your other forums and update your password record in your problematic db using table editor. |
|
|
|
arrakis
Starting Member
8 Posts |
Posted - 10 April 2007 : 05:21:47
|
quote:
Originally posted by StephenD
Ok, copy an encoded password that you do know from your other forums and update your password record in your problematic db using table editor.
Thanks! I was able to go back as admin 
I still wonder how that happened, Should I update the forum to the new version? I'm a bit worried to mess it up and not able to go back...
Thanks a lot everyone guys!!! |
|
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 10 April 2007 : 05:28:21
|
It is always recommended that you keep your forums up to date; if you are careful to take backup copies of everything before upgrading, you will be able to roll back to the current version you're using.
As to how it happened, sound to me like they managed to get their hands on your password, either using a dictionary attack or through some other method. For that reason, you should ensure that your password is now different to what it was before they got in. Also, just in case you haven't done so already, be sure to demote and lock the account they created for themselves 
|
Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.” |
|
|
|
arrakis
Starting Member
8 Posts |
Posted - 10 April 2007 : 07:25:44
|
quote:
Originally posted by Shaggy
It is always recommended that you keep your forums up to date; if you are careful to take backup copies of everything before upgrading, you will be able to roll back to the current version you're using.
I upgraded the forum with no problem :) But did a complete backup before!
The only problem is that it doesen't recognize anymore the language, but I think I have to setup somewhere, I just don't remember now but I'll see...
quote:
As to how it happened, sound to me like they managed to get their hands on your password, either using a dictionary attack or through some other method.
Maybe it was some sql injection or things like that, to guess a password is something not easy...
quote:
For that reason, you should ensure that your password is now different to what it was before they got in. Also, just in case you haven't done so already, be sure to demote and lock the account they created for themselves
Sure I deleted it suddenly!
Thanks :) |
Edited by - arrakis on 10 April 2007 07:26:28 |
|
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 10 April 2007 : 07:29:06
|
You'd be surprised how easily some algorithms can "guess" a password that the human brain might not be able to do so easily Besides, even if they had somehow managed to lift your password out of your database, the encryption used would have made it useless when it came to accessing the admin options.
|
Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.” |
|
|
|
Topic |
|
Topic Locked
