Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 Help Groups for Snitz Forums 2000 Users
 Help: General / Classic ASP versions(v3.4.XX)
 My Forum Was Hacked!!!!		  New Topic  Topic Locked
 Printer Friendly
Author Previous Topic Topic Next Topic  

mdelcour2000
Junior Member

United States
133 Posts
Posted - 22 December 2007 :  13:45:13  Show Profile  Visit mdelcour2000's Homepage
Yesterday my forum was hacked, and the perp was able to make himself an administrator and start deleting my members and some posts. As well as locking some other posts. How did this happen. I fixed the security problem that was posted about a month ago. I really don't know how this happened, but would sure appreciate it if any one could help figure something out so this does not happen again.


~MD
http://lacledeforum.com/

"Never get so busy doing the work of the kingdom that you forget who the King is"

modifichicci
Average Member

Italy
787 Posts
Posted - 22 December 2007 :  14:00:02  Show Profile  Visit modifichicci's Homepage
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=66078
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=66005
Ernia e Laparocele
Forum di Ernia e Laparocele
Acces - MySql Migration Tutorial
Adamantine forum
Go to Top of Page

mdelcour2000
Junior Member

United States
133 Posts
Posted - 22 December 2007 :  14:09:52  Show Profile  Visit mdelcour2000's Homepage
again, I did the patch from Rui on Dec. 5, this did not stop the hacker. The first link you gave me only talks about what happened there were no fixes. The second is the security bug fix I just uploaded. Neither were a help.
http://lacledeforum.com/

"Never get so busy doing the work of the kingdom that you forget who the King is"
Go to Top of Page

modifichicci
Average Member

Italy
787 Posts
Posted - 22 December 2007 :  14:16:25  Show Profile  Visit modifichicci's Homepage
can you provide a link to your forum?
Ernia e Laparocele
Forum di Ernia e Laparocele
Acces - MySql Migration Tutorial
Adamantine forum
Go to Top of Page

ruirib
Snitz Forums Admin

Portugal
26364 Posts
Posted - 22 December 2007 :  14:20:03  Show Profile  Send ruirib a Yahoo! Message
Had you been hacked before applying the fix on the 5th? Also, which mods do you have installed?

Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

mdelcour2000
Junior Member

United States
133 Posts
Posted - 22 December 2007 :  14:49:58  Show Profile  Visit mdelcour2000's Homepage
quote:
Originally posted by ruirib

Had you been hacked before applying the fix on the 5th? Also, which mods do you have installed?




To answer your question, no I have never been hacked before. The hacker was deleted and I think I have most things fixed, but I just don't want this to happen again. Know what I mean.

My forum url is www.lacledeforum.com
http://lacledeforum.com/

"Never get so busy doing the work of the kingdom that you forget who the King is"
Go to Top of Page

ruirib
Snitz Forums Admin

Portugal
26364 Posts
Posted - 22 December 2007 :  14:59:34  Show Profile  Send ruirib a Yahoo! Message
Well you need to check your forum logs to see how it was done.

You do have several mods, so the cause for the hacking may lie there, but the logs can provide further info.

Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

mdelcour2000
Junior Member

United States
133 Posts
Posted - 22 December 2007 :  15:13:38  Show Profile  Visit mdelcour2000's Homepage
how do I do that?
http://lacledeforum.com/

"Never get so busy doing the work of the kingdom that you forget who the King is"
Go to Top of Page

ruirib
Snitz Forums Admin

Portugal
26364 Posts
Posted - 22 December 2007 :  15:22:28  Show Profile  Send ruirib a Yahoo! Message
Probably you can access the logs folder through FTP and then download the file for the day the hack occurred.

If you want, you can email me the FTP data and I will have a look. Let me know when precisely when it happened.

Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

mdelcour2000
Junior Member

United States
133 Posts
Posted - 22 December 2007 :  18:01:17  Show Profile  Visit mdelcour2000's Homepage
ok, when I looked on my FTP, I found a new folder named "source" I opened it and there is another folder named "com" I opened that one only to find yet another one named "jeroenwijering" I opened that one and there were 3 more folders named "feeds" "utils" and "players" there seems to be nothing in these folders but they weren't there yesterday. Any thoughts?
http://lacledeforum.com/

"Never get so busy doing the work of the kingdom that you forget who the King is"
Go to Top of Page

ruirib
Snitz Forums Admin

Portugal
26364 Posts
Posted - 22 December 2007 :  18:07:49  Show Profile  Send ruirib a Yahoo! Message
That seems some kind of video player, don't think it has something to do with the forum.

You need to check your logs, that's what really matters.

Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

Hermes
Junior Member

Croatia
113 Posts
Posted - 23 December 2007 :  07:53:50  Show Profile
If you do not have acess to your log files, you should ask your host provider to give you all logs of specific date when hacking occurred.
ASP Snitz Forum Upute za instalaciju
http://www.kairos.com.hr http://www.hermetizam.com Forum

not so newbie any more :)
Go to Top of Page

mdelcour2000
Junior Member

United States
133 Posts
Posted - 25 December 2007 :  14:17:41  Show Profile  Visit mdelcour2000's Homepage
sorry it has taken so long to answer. I have contacted my server provider. They keep the logs. I don't have access to them. The forum was indeed hacked, and they are looking into it. Thank you all so much for the help you gave me. It is much Appreciated!!

~MERRY CHRISTMAS AND A HAPPY NEW YEAR~
http://lacledeforum.com/

"Never get so busy doing the work of the kingdom that you forget who the King is"
Go to Top of Page

mdelcour2000
Junior Member

United States
133 Posts
Posted - 25 December 2007 :  14:20:06  Show Profile  Visit mdelcour2000's Homepage
I still don't understand how they made themselves an admin. Doesn't that sound strange. I know they could not have hacked my password (I think) it contains Upper Alpha Lower Alpha Numeric and Symbols. That would have been hard to do. Don't you think? Just a thought.
http://lacledeforum.com/

"Never get so busy doing the work of the kingdom that you forget who the King is"
Go to Top of Page

JohnC
Junior Member

215 Posts
Posted - 25 December 2007 :  14:50:42  Show Profile
I doubt the purp has your password. It was probably done by SQL injection, like mine. Get the IP address of the purp by its profile and supply that to your hosting company. That should make it easier for them to supply you with the purp’s tracks.

Merry Christmas and Happy New Year!
Go to Top of Page

mdelcour2000
Junior Member

United States
133 Posts
Posted - 25 December 2007 :  15:11:11  Show Profile  Visit mdelcour2000's Homepage
Thank you I will do that.
http://lacledeforum.com/

"Never get so busy doing the work of the kingdom that you forget who the King is"
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.45 seconds. Powered By: Snitz Forums 2000 Version 3.4.07