Snitz Forums 2000
 Forums hacked into last night!

JimAmigo
Starting Member

37 Posts

Posted - 17 December 2007 : 09:58:39
quote:
Originally posted by Mighty Whites

We were hacked last night by some Turkish militant website.


Need assistance in getting the forum back up and running. The webhost LCN stated that the ASP was weak and the hackers got into the back end of the forum.

Now I am not a techie, and have forgotten most of the stuff that I learnt when setting the forum up.


So, some questions


The forum wasn't backed up anywhere, does this mean that effectively all the posts are lost, even though looking in the FTP pages of the forum there appears to be a lot of stuff still in there?


Have we someone on here that will be kind enough to upload everything and save as much of the old forum as possible, the last thing I want to do is delete or override files etc that I don't need to.

What about the ASP coding, is there a fix for this ?

http://www.leedu-forum.org.uk is the forum address.

I have just removed the index.htm page that directed you to the other site.

How do I put up a temporary page, to let users know what is going on?



A speedy reply and assistance would be greatly appreciated.



This same hack happened to my forum overnight. Can someone tell me how to resolve this issue? My forum is at http://www.GolfinAmigos.com/forum/

I've taken down the down.asp page of the forum to stop the redirect in the meantime. I didn't see an index.htm page in my forum folder?

JimAmigo

Edited by - JimAmigo on 17 December 2007 10:05:49

AnonJr
Moderator

United States
5768 Posts

Posted - 17 December 2007 : 10:27:45
As posted at the beginning of this thread:
quote:
I would advise you to check the "Announcements: Security Related Bug Fixes" forum - and subscribe to it so you'll be notified of any other issues that pop up. This is probably a result of the issue that was patched on 1 Dec.

I'd also take a look through the "DEV Bug Reports (Open)" forum and fix any other outstanding issues.

After applying all the patches I would go to the Admin options and see if they created any extra Admin accounts and lock them. Then I'd start systematically going through all the settings to see what might have been changed. Then I'd start going through the files and see if any had been modified or if there are any new files that weren't there before.

Also, you may want to close the forums down while you are doing this so they don't have the opportunity to jack with anything while you're doing this.


And as Rui has mentioned in this thread and a couple of others you are going to want to check the forum descriptions in all of the forums to see if they added code for an <iframe /> or some such.

Unless it was changed, there shouldn't be any reason to remove the down.asp page.

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 17 December 2007 : 10:28:38
To resolve the down.asp visit http://www.golfinamigos.com/forum/down.asp?mlev=4
Once you get the forum back online, the redirect will go away.

Install the latest bug fix from the Announcements Security Related Bug fixes forum and make sure you remove all non legitimate admins. Also make sure you subscribe to the Announcements Security Related Bug Fixes forum to avoid similar situations in the future.



JimAmigo
Starting Member

37 Posts

Posted - 17 December 2007 : 10:39:00
Thanks so much for your quick help and response, it is most appreciated. I'll never understand what motivates people to do these types of things.

JimAmigo

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 17 December 2007 : 10:45:49
Yeah, hard to understand. In your case, it could be worse, because they just let you know about the security issue. At least they deleted nothing.



dmoody
Starting Member

United States
2 Posts

Posted - 17 December 2007 : 12:50:16
I am in a similar situation as our site was hacked by the Turkish flag thing. The person who maintained our site is no longer with us and I cannot find where to fix this problem. I have restored the SQL database from prior to the hack. They had injected data into the Forum_Config_New table, and I was not sure about others so restored the whole thing. I renamed the down.asp to stop the link from working but cannot figure out how to get into the forum now. Every asp file I try sends me to the hacked page. I know an admin user and password but am not sure what you were asking about for an FTP account. We have a public site but I don't know of one specific to the forum. With no way to get into the forum, all I can do is look in the SQL tables for stuff.

Thanks for any help I can get.

muzishun
Senior Member

United States
1079 Posts

Posted - 17 December 2007 : 14:51:33
Assuming the forum is hosted on the same server as the rest of your site (this is usually the case), the FTP info will be the same as the public site.

Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com)

dmoody
Starting Member

United States
2 Posts

Posted - 17 December 2007 : 15:22:15
I finally got into the admin login. The iframe code was in the server down message. I deleted all the code in the message window and hit the button to start the forum and I am back up and running. I have also added all the security patch code I found on the site. The thing I was missing was using the ?mlev=4 in my login attempts. Once I did that I got the admin login screen and recovered.

Thanks

muzishun
Senior Member

United States
1079 Posts

Posted - 17 December 2007 : 15:40:49
Glad you were able to get it working.

Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com)

Swn-Y-Mor
New Member

90 Posts

Posted - 18 December 2007 : 13:13:08
I have just been hacked by the same person - I have applied the Fix of 04/12/07
My forum/default.asp page is now trying to run an active x

This website wants to run the following add-on: 'Microsoft Data Access - Remote Data Services Dat....' from Microsoft Corporation'.If you trust the website and the add-on and want to allow it to run, click here...

and also

This website wants to run the following add-on: Outlook.exe from Microsoft Corporation'.If you trust the website and the add-on and want to allow it to run, click here...

Any suggestions, help greatly appreciated.............


AnonJr
Moderator

United States
5768 Posts

Posted - 18 December 2007 : 13:15:15
Same suggestions that were made at the beginning of this thread...

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 18 December 2007 : 13:19:29
The fix for the ActiveX issue is explained in this thread: check each of your forum descriptions, the code for inserting the ActiveX was added to one, for sure.

Subscribe to our Security Related Bug Fixes forum to avoid a similar situation in the future.


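The check described in the replies above (go through every forum description, and the server down message, looking for an injected `<iframe>` or similar) can be run over an export of those fields. This is an added example, not part of the original thread or of Snitz itself; the row labels and sample values are constructed, and it assumes you have already exported the text fields from your database as (location, text) pairs.

```python
import html
import re

# Tags that load or run remote content; a forum description or a
# "server down" message normally has no reason to contain any of them.
ACTIVE_TAGS = ("iframe", "script", "object", "embed", "applet", "frame")
TAG_RE = re.compile(r"<\s*(" + "|".join(ACTIVE_TAGS) + r")\b[^>]*>?", re.I)
URL_RE = re.compile(r"""\b(?:src|data|codebase)\s*=\s*["']?([^"'\s>]+)""", re.I)


def find_injected_markup(rows):
    """rows: iterable of (location, text). Returns one finding per active tag."""
    findings = []
    for location, text in rows:
        # Decode entities first so a tag stored as &lt;iframe ...&gt; is still seen.
        decoded = html.unescape(text or "")
        for match in TAG_RE.finditer(decoded):
            url = URL_RE.search(match.group(0))
            findings.append({
                "location": location,
                "tag": match.group(1).lower(),
                "url": url.group(1) if url else None,
            })
    return findings


# Constructed sample rows standing in for an export of the forum database.
# Labels and values are made up for illustration; example.invalid is a reserved name.
SAMPLE_ROWS = [
    ("forum description #1", "General chat about the club"),
    ("forum description #2",
     'Match reports<IFRAME SRC="http://example.invalid/x.htm" width=0 height=0></IFRAME>'),
    ("config: server down message",
     "Back soon &lt;iframe src='http://example.invalid/y.htm'&gt;"),
    ("forum description #3", "Use <b>bold</b> for headings"),
    ("forum description #4", None),  # empty field, must not crash the scan
]

if __name__ == "__main__":
    for f in find_injected_markup(SAMPLE_ROWS):
        print(f"{f['location']}: <{f['tag']}> -> {f['url']}")
```

Any hit should be cleaned out through the admin pages or the database, after the security patches are applied, so the field cannot simply be rewritten again.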

Swn-Y-Mor
New Member

90 Posts

Posted - 18 December 2007 : 13:31:22
Yes, Thank You

<iframe> in descriptions. You guys are the best

wwwatcher1
Starting Member

3 Posts

Posted - 18 December 2007 : 13:32:55
http://www.onewaymule.org/onewayscripts/ is hacked also. I was checking for a mod on logs and noticed this also.

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 18 December 2007 : 13:40:05
Yeah, these guys hit on every forum they can. They are a sorry bunch.

