Snitz Forums 2000
 Forums hacked into last night!

mdelcour2000
Junior Member

United States
133 Posts

Posted - 27 January 2008 :  22:30:55
ok, something funky is going on. I replaced my files last night. Today I log on only to find that the forum has been hacked again, with the same message. This time however, I can't shut the forum down. I press the "stop the board" button, and it won't stop it. I guess I am going to have to delete my database and start over there too. Anyone have any ideas?

http://lacledeforum.com/

"Never get so busy doing the work of the kingdom that you forget who the King is"

mdelcour2000
Junior Member

United States
133 Posts

Posted - 27 January 2008 :  22:33:27
ok, I finally got the board to shut down. Fixed that. But how is this person still getting in?

http://lacledeforum.com/

"Never get so busy doing the work of the kingdom that you forget who the King is"

phy1729
Average Member

USA
589 Posts

Posted - 27 January 2008 :  22:40:12
Did you check for admins you don't know?

mdelcour2000
Junior Member

United States
133 Posts

Posted - 27 January 2008 :  22:42:29
yes, and I locked them. I really don't want to delete them, as they can just do it again. I really don't know what to do!

http://lacledeforum.com/

"Never get so busy doing the work of the kingdom that you forget who the King is"

mdelcour2000
Junior Member

United States
133 Posts

Posted - 27 January 2008 :  22:45:47
I have 2 more forums that I run. I am just praying this person doesn't figure out that I own them too and do something to them!

http://lacledeforum.com/

"Never get so busy doing the work of the kingdom that you forget who the King is"

muzishun
Senior Member

United States
1079 Posts

Posted - 27 January 2008 :  22:48:20
quote:
Originally posted by mdelcour2000

yes, and I locked them. I really don't want to delete them, as they can just do it again. I really don't know what to do!


Since you have overwritten all of your forum files with new ones from the download, the security hole they used to get in the first time has been filled. You should be able to safely delete any hackers' accounts. Still, setting their member level to regular member and locking them should suffice.

Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com)

mdelcour2000
Junior Member

United States
133 Posts

Posted - 27 January 2008 :  22:51:41
ok, I replaced the files yesterday, and then they hacked again since then. Since I have locked their accounts (there were 3 this time), I should not have any more problems, correct?

http://lacledeforum.com/

"Never get so busy doing the work of the kingdom that you forget who the King is"

muzishun
Senior Member

United States
1079 Posts

Posted - 28 January 2008 :  00:24:12
If you are running a clean install of Snitz without any mods, they should not be hacking in so easily through the forum. I am less experienced with tracking this sort of thing through server logs, but perhaps HuwR or ruirib could weigh in with some advice. But I don't believe they are getting in through the forum (at least, I would hope not).

Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com)

HuwR
Forum Admin

United Kingdom
20600 Posts

Posted - 28 January 2008 :  02:08:36
quote:
Originally posted by mdelcour2000

ok, I replaced the files yesterday, and then they hacked again since then. Since I have locked their accounts (there were 3 this time), I should not have any more problems, correct?



Do you have all the latest fixes?
Did you remove any/all bogus accounts with admin status?

If you have done all the above, then we can only help if you can supply us with the IIS log files for the time you were hacked.

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 28 January 2008 :  04:32:36
Giving HuwR or me access to the IIS logs would be most helpful.


Snitz 3.4 Readme | Like the support? Support Snitz too

philwhite
Starting Member

Germany
47 Posts

Posted - 28 January 2008 :  05:23:00
Just a quick point. Whenever I get spammers or, in this case, a hacker, I never delete the account. I just lock it. It adds an additional hurdle because they have to use a different (existing) email address. That doesn't mean much in these days of multiple addresses, but it's another hurdle. Is there any advantage to actually deleting their account?

Phil White

HuwR
Forum Admin

United Kingdom
20600 Posts

Posted - 28 January 2008 :  07:26:56
quote:
Originally posted by philwhite

Just a quick point. Whenever I get spammers or, in this case, a hacker, I never delete the account. I just lock it. It adds an additional hurdle because they have to use a different (existing) email address. That doesn't mean much in these days of multiple addresses, but it's another hurdle. Is there any advantage to actually deleting their account?


None whatsoever. We also recommend locking bogus accounts rather than deleting them.

mdelcour2000
Junior Member

United States
133 Posts

Posted - 28 January 2008 :  19:08:49
I locked the accounts, deleted their posts, deleted all Snitz files and re-loaded them, and then locked the board. Again, they have hacked the site, unlocked it, and reposted their junk. I really don't know what's going on. It is hosted on a GODADDY server; I have contacted them. They are the only ones that have access to the IIS Logs. I asked several times. They are launching an investigation; however, my forum is still getting hacked, and I don't know what else to do. I am not understanding how they are doing this.

http://lacledeforum.com/

"Never get so busy doing the work of the kingdom that you forget who the King is"

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 28 January 2008 :  19:58:41
You sure you removed all bogus admin accounts? That seems very, very weird. If there was a Snitz related issue we would be having serious trouble elsewhere too. Anyway, without the logs it's hard to do something...



Snitz 3.4 Readme | Like the support? Support Snitz too

HuwR
Forum Admin

United Kingdom
20600 Posts

Posted - 29 January 2008 :  01:57:03
You say you deleted all Snitz files and re-loaded them, so once again I will ask.

DO YOU HAVE ALL THE LATEST FIXES?

Also, as requested, if you send us the IIS logs we can work out what happened. It is unlikely that anyone who is unfamiliar with the forum code will be able to tell you what happened, so it is in YOUR interest to get us a copy of the log files.
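
As an added example (not part of the thread and not Snitz project code), one way to triage the IIS W3C log requested above: list every client that sent a POST to an admin page inside the incident window, together with that client's other POSTs. The log lines, paths, addresses, window and the `admin` URL marker are constructed assumptions; IIS writes W3C timestamps in UTC by default, so convert local forum times first.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not from the thread). Paths and query strings are
# placeholders; client addresses come from documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2008-01-27 21:40:02 198.51.100.20 GET /forum/default.asp - 200
2008-01-27 21:58:11 203.0.113.7 POST /forum/login.asp - 302
2008-01-27 21:58:40 203.0.113.7 POST /forum/admin_page.asp action=unlock 200
2008-01-27 22:01:05 203.0.113.7 POST /forum/post_info.asp - 302
2008-01-27 23:30:00 198.51.100.20 POST /forum/post_info.asp - 302
"""

def parse_w3c(text):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def posts_by_client(text, start, end, admin_marker="admin"):
    """Group POSTs inside [start, end] by client IP, flagging admin-page hits.

    admin_marker is an assumed substring of admin page names; adjust it
    to the file names of the installation being reviewed.
    """
    by_ip = defaultdict(list)
    for row in parse_w3c(text):
        when = datetime.strptime(row["date"] + " " + row["time"],
                                 "%Y-%m-%d %H:%M:%S")
        if row["cs-method"] != "POST" or not (start <= when <= end):
            continue
        stem = row["cs-uri-stem"].lower()
        by_ip[row["c-ip"]].append((when, stem, admin_marker in stem))
    return dict(by_ip)

def suspects(text, start, end):
    """Clients that POSTed to an admin page in the window, with all their POSTs."""
    hits = posts_by_client(text, start, end)
    return {ip: rows for ip, rows in hits.items() if any(r[2] for r in rows)}

if __name__ == "__main__":
    window = (datetime(2008, 1, 27, 21, 30), datetime(2008, 1, 27, 22, 30))
    for ip, rows in suspects(SAMPLE_LOG, *window).items():
        for when, stem, is_admin in rows:
            print(ip, when, stem, "ADMIN" if is_admin else "")
```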

