Snitz Forums 2000
 My "forgot password" disappeared!

Alfred
Senior Member

USA
1527 Posts

Posted - 14 April 2007 :  19:16:47
On my forum site ggholiday.com/bg/forums/default.asp there is suddenly no help link for forgotten passwords. It used to be there!
At the same time there is a message for new registration applicants stating "Sorry, we are not accepting any new Members at this time."
I did not do any of this - does it look like I have been hacked by some jokester?

Alfred
The Battle Group
CREDO

AnonJr
Moderator

United States
5768 Posts

Posted - 14 April 2007 :  20:38:03
Log in and look for any new members. Check the list of admins/moderators from your admin panel and see if there's anybody there that shouldn't be.

Just for clarification, you did have "Secure Admin." turned on? And "Non-Cookie Mode" turned off?

Edited by - AnonJr on 14 April 2007 20:39:42

Alfred
Senior Member

USA
1527 Posts

Posted - 14 April 2007 :  20:44:35
I am the only admin, and I can't log on! I have tried all combinations I ever used there before, and since the "forget password" line is gone, I have no recourse!
I don't know about "Secure Admin." :/(
The last new registrant (see upper left corner) just came in last week.
The site ran fine for many years, and I forgot most of what I knew when I built it.
The "Sorry, we are not accepting any new Members at this time." appears under "All Forums", under-category "Registration Rules and Policies Agreement", which is not a category I installed.

Alfred
The Battle Group
CREDO

Edited by - Alfred on 14 April 2007 21:18:04

texanman
Junior Member

United States
410 Posts

Posted - 14 April 2007 :  21:58:11
From my little knowledge, these changes can only be made in the Admin Options. If you haven't made the changes, then I guess someone else did.

Alfred
Senior Member

USA
1527 Posts

Posted - 14 April 2007 :  22:11:20
So, how do I login now that I can't get password help?

Alfred
The Battle Group
CREDO

texanman
Junior Member

United States
410 Posts

Posted - 15 April 2007 :  00:52:45
Not sure but this might be helpful.
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=64485&SearchTerms=can't,login,as,admin

pdrg
Support Moderator

United Kingdom
2897 Posts

Posted - 15 April 2007 :  08:48:04
Texanman has hit it on the head - you need to get into your db to make the changes now, make sure you're running the latest version/all security patches, and bemoan the hostile world of the internet :(

Alfred
Senior Member

USA
1527 Posts

Posted - 15 April 2007 :  12:29:04
I checked the db, and found that the last new member had assigned a 3 to his M_LEVEL file. But mine was still a 3 as well!
MY problem still remains not being able to login.
I cannot figure out why my password does not work any longer!

Alfred
The Battle Group
CREDO

pdrg
Support Moderator

United Kingdom
2897 Posts

Posted - 15 April 2007 :  14:30:44
Think it through - someone got admin rights to your system, but didn't want you to demote their admin rights, so needed you not to be able to log in...they changed your password!

Kill the other admin account, copy the password hash of a known password into the password bit on the members table for your account, and update your forums ASAP.

thermal_seeker
Junior Member

United Kingdom
430 Posts

Posted - 15 April 2007 :  15:51:08
just as a matter of interest... how would a new member be able to assign himself an M_Level of 3 ??

Dave

No good at coding, but I can plough a field !!

pdrg
Support Moderator

United Kingdom
2897 Posts

Posted - 15 April 2007 :  16:33:55
quote:
Originally posted by thermal_seeker

just as a matter of interest... how would a new member be able to assign himself an M_Level of 3 ??

Dave



My guess would be brute forcing an admin password or an insecure install - would be really keen to know myself

Alfred
Senior Member

USA
1527 Posts

Posted - 17 April 2007 :  14:42:10
So would I, so I can prevent it from happening again!
How can I make sure my install is secure now?

Alfred
The Battle Group
CREDO

AnonJr
Moderator

United States
5768 Posts

Posted - 17 April 2007 :  14:52:41
Well, for the obvious: if you haven't already - upgrade your code base to the latest version. Watch what passwords you choose, and don't use the same one you used earlier.

Beyond that, it really depends on how he got in.

If the server itself was the issue, there's a whole other can of worms.... and as I type this, the thought occurs that you should probably look through and see if there are any files on the server that you didn't put there - they may have left themselves a back-door.

I'd also double-check and see if they made any extra accounts for themselves. Sometimes an attacker will make 3 or 4 accounts and hope that one of them gets missed.

I'm sure there's other advice I should be giving, but I'm drawing a blank at the moment.

pdrg
Support Moderator

United Kingdom
2897 Posts

Posted - 17 April 2007 :  16:09:24
Alfred, what AnonJr says is good advice, but I'm paranoid, and tend to go one step further - whenever I lose trust of a computer (virus/whatever) I can never feel 100% comfortable with it again (without checking every file, even then it's possible to be rootkitted), so prefer to flatten and rebuild a box. This is not a casual option, and will depend on how your server/site is hosted as to how feasible it is.

If it's just the forum that was compromised, install every patch. The current patched build is always (to the best of our knowledge) kept secure and up-to-date (hence this forum hasn't been hacked), but there are always new devious attacks being invented. For optimum security, just run a clean Snitz build without code modifications (mods/add-ons) unless you can keep on top of the mods too.

If it is just the forum compromised, just make sure it wasn't the current build - if it was, some details of your setup may help us spot weak areas. Also, was your password short/weak in any way? Can you get your IIS logs and see any patterns of the attacks? It may help to work out if there's a particular weak point we haven't heard of yet (which we can patch) or alternatively shed some light on why you were a target/compromised.

Hope it was a one-off for you!

P
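
The IIS log review suggested in the post above, sketched as an added example (not part of the original thread and not Snitz code): it reads W3C extended logs using their own `#Fields:` header and reports client IPs that sent repeated POSTs to the login page. The login path, the threshold and the sample log lines are assumptions constructed for illustration.

```python
from collections import defaultdict

LOGIN_PATH = "/forums/login.asp"  # assumption: set to your forum's real login URL

def parse_w3c(lines):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]        # IIS re-emits this header after restarts
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated or corrupt rows
                yield dict(zip(fields, values))

def login_post_bursts(lines, login_path=LOGIN_PATH, threshold=5):
    """Return {client_ip: summary} for IPs with at least `threshold` login POSTs."""
    seen = defaultdict(list)
    for row in parse_w3c(lines):
        stem = row.get("cs-uri-stem", "").lower()   # IIS paths are case-insensitive
        if row.get("cs-method") == "POST" and stem == login_path.lower():
            seen[row.get("c-ip", "?")].append(f'{row.get("date")} {row.get("time")}')
    return {ip: {"posts": len(ts), "first": min(ts), "last": max(ts)}
            for ip, ts in seen.items() if len(ts) >= threshold}

def sample_log():
    """Constructed log lines (documentation-range IPs), not taken from any real server."""
    head = ["#Software: Microsoft Internet Information Services 6.0",
            "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status"]
    noisy = [f"2007-04-10 03:12:{s:02d} 203.0.113.7 POST /forums/login.asp - 200"
             for s in range(8)]
    normal = ["2007-04-10 09:00:00 198.51.100.20 POST /forums/login.asp - 302",
              "2007-04-10 09:00:05 198.51.100.20 GET /forums/default.asp - 200",
              "2007-04-10 09:01 truncated"]
    return head + noisy + normal

if __name__ == "__main__":
    for ip, info in login_post_bursts(sample_log()).items():
        print(ip, info)
```

To run it on real logs, pass an open log file object in place of `sample_log()`; W3C log timestamps are in UTC.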

Alfred
Senior Member

USA
1527 Posts

Posted - 17 April 2007 :  23:07:07
Thank you all for the kind advice.
I suppose it just was my real weak pw, consisting of a 6-digit number only. I made it 13 digits now, with letters and numbers.
Unfortunately, I have so many mods on the site that it would be a nightmare to rebuild it. But I should be able to upgrade ok, without fear of destroying all integration I built.

Alfred
The Battle Group
CREDO

AnonJr
Moderator

United States
5768 Posts

Posted - 18 April 2007 :  06:29:46
Good luck.
Snitz Forums 2000 © 2000-2021 Snitz™ Communications
Powered By: Snitz Forums 2000 Version 3.4.07