Snitz Forums 2000
 Hacked Web Site

Richlizard
Starting Member

16 Posts

Posted - 17 June 2017 :  11:19:59
Hi all.

We are in a bit of a pickle over at www . krackedkings . com

Our web site has been hacked and a virus put in place. We cannot access our site and the host has told us our best option is to wipe the server clean and start again - after 12 years of running the forum within our site, so thereby losing all our threads and memories of trips all around the world!!

We are now really clutching at straws and almost as a last resort we were wondering if our actual forum would remain intact within our web site? In other words, as we are using a Snitz forum is there a chance we could access it outside of our actual site which contains many other things outside of the forum.

I appreciate I may be sounding daft with this request, but we are getting really desperate.

Thanks in advance for any help.
Richard

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 17 June 2017 :  16:59:17
Do you know what the virus is, and how you were hacked?

MVC .net dev/test site | MVC .net running on Raspberry Pi

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 17 June 2017 :  17:02:55
Do you have FTP access to the site?
What type of database were you running it on?

It is very unlikely that the forum code/database has been infected with a virus, so can probably be recovered if you have access to the files.

Please don't panic and do anything rash like wipe everything. My server was compromised a few weeks ago and all the files encrypted but I managed to recover everything

MVC .net dev/test site | MVC .net running on Raspberry Pi

Richlizard
Starting Member

16 Posts

Posted - 18 June 2017 :  06:42:48
quote:
Originally posted by HuwR

do you have ftp access to the site?
what type of database were you running it on?

It is very unlikely that the forum code/database has been infected with a virus, so can probably be recovered if you have access to the files.

Please don't panic and do anything rash like wipe everything. My server was compromised a few weeks ago and all the files encrypted but I managed to recover everything




Hi Huw and thanks for the reply.

The virus was the same one that got to the NHS - WannaCry. Our hosts - Fasthosts - say it is nothing to do with them. They said it was our fault for not having a backup service with them. Strangely they attempted to use a backup they had but when it failed, they deleted it!!!

I managed to log in to the server initially and appeared to remove the virus, but it had to be restarted. Once it restarted, I could no longer log in due to a group policy issue. Fasthosts told us this was due to there being multiple accounts including one called IISUSER_ACCOUTXX. They told us our 'simplest' option was to wipe the server clean and start again... losing 12 years of threads and memories. They said this was because they could not get into the server any other way.

I of course questioned how on earth they knew of this rogue account if they could not get into the server and why we would want the 'simplest' option if this meant us losing everything. In addition of course, why would we wipe everything clean and then remain with them if they are open to attack and do nothing to help us!!!

Unfortunately, I am not too experienced with servers and databases as it was set up by my partner who left years ago. So no idea if we can gain FTP access and as Fasthosts have given up on it, no idea if I did or did not remove the virus.

So I am sure you can see why coming here was a last resort in a thin hope that the forum might be accessible outside of our site which included many other things.

Sorry if that is a little long-winded but this has now been going on for weeks.

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 18 June 2017 :  11:23:31
If it has been several weeks and had a reboot then it is probably too late I'm afraid, and without access to the server itself there isn't really any way to check if/what can be saved.
Unfortunately your attempt to remove it probably failed (they are notoriously difficult to get rid of) and then rebooting almost certainly made the situation worse.

There are some tools available that can decrypt the WannaCry encryption, but obviously that requires access to the files.

Fasthosts are not unique in not offering backup services unless you pay extra I'm afraid.

I back up my own server since the cost of having it done by my hosts would almost double what I currently pay for the server. It is ridiculous, I know, but really not much that can be done about it; you will find pretty much all hosts are the same.

Sorry I can't be any more helpful, but without access to the files there is nothing that can be done.



MVC .net dev/test site | MVC .net running on Raspberry Pi

Richlizard
Starting Member

16 Posts

Posted - 18 June 2017 :  13:44:03
Thanks anyway

Davio
Development Team Member

Jamaica
12217 Posts

Posted - 22 June 2017 :  19:47:49
So the files got encrypted, but what about the database? It encrypted that too?

Support Snitz Forums

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 23 June 2017 :  03:25:54
quote:
Originally posted by Davio

So the files got encrypted, but what about the database? It encrypted that too?



If it is an Access database then yes, probably; if it was SQL then unlikely, as it will have been locked out by SQL processes. However, if you can't get on the machine there is no way of retrieving the database.

When this server got hacked and the files encrypted (not by WannaCry), the SQL databases were fine, just everything else was encrypted, but I was able to access the machine and brute force the encryption key, which allowed me to then decrypt all the files.


MVC .net dev/test site | MVC .net running on Raspberry Pi
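
Once file access is regained, the first question raised above (is the Access database itself encrypted?) can be answered by triaging a copy of the site's files. The script below is an added example, not code from any poster in this thread: it flags files carrying WannaCry's `.WNCRY` extension or `WANACRY!` header, and checks that each `.mdb`/`.accdb` file still has the Jet/ACE signature at offset 4. The file names in `demo()` are constructed sample data, and running against an offline copy rather than the live server is an assumption.

```python
import os
import tempfile

WNCRY_MAGIC = b"WANACRY!"            # first 8 bytes of a WannaCry-encrypted file
WNCRY_EXTS = (".wncry", ".wncryt")   # extensions WannaCry appends
JET_SIGS = (b"Standard Jet DB", b"Standard ACE DB")  # offset 4 of .mdb / .accdb

def classify(name, head):
    """Classify one file from its name and its first 32 bytes."""
    lower = name.lower()
    if head.startswith(WNCRY_MAGIC) or lower.endswith(WNCRY_EXTS):
        return "encrypted"
    if lower.endswith((".mdb", ".accdb")):
        # Intact Access databases keep the Jet/ACE signature in the header.
        return "intact-db" if head[4:19] in JET_SIGS else "damaged-db"
    return "unchecked"

def triage(root):
    """Walk a copy of the site and map relative path -> verdict."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    verdict = classify(name, fh.read(32))
            except OSError:          # e.g. still locked by another process
                verdict = "unreadable"
            report[os.path.relpath(path, root)] = verdict
    return report

def demo():
    """Build a constructed sample tree (not real site data) and triage it."""
    jet = b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 12
    samples = {
        "forum/snitz_forums_2000.mdb": jet,
        "forum/old_copy.mdb": b"\x8f\x11" * 16,
        "forum/default.asp.WNCRY": WNCRY_MAGIC + b"\x00" * 24,
        "forum/config.asp": b"<%\r\n' constructed sample\r\n%>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return triage(root)

if __name__ == "__main__":
    for rel, verdict in sorted(demo().items()):
        print(f"{verdict:11} {rel}")
```

A file reported as `intact-db` can be copied out and opened elsewhere; `encrypted` and `damaged-db` files are the ones that need a decryption tool or a backup.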

golfmann
Junior Member

United States
450 Posts

Posted - 23 June 2017 :  12:15:59
You should write an article on how to beat ransomware...
Could come in handy :)

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 23 June 2017 :  15:29:01
Mostly thanks to this site, https://decrypter.emsisoft.com/. They have decryption tools for most ransomware encryptions; it's just a long process. Plus, most decent AV sites will have instructions on how to find and remove the encryptor that does the damage. Just don't reboot until you are sure you have got rid of it.

MVC .net dev/test site | MVC .net running on Raspberry Pi

golfmann
Junior Member

United States
450 Posts

Posted - 23 June 2017 :  17:21:53
That's why I ended up buying a whole new rig...
I figured there was SOMETHING lurking somewhere.
Superstitious, I guess...
(Plus, it was a good excuse to upgrade) :)
Snitz Forums 2000 © 2000-2021 Snitz™ Communications
Powered By: Snitz Forums 2000 Version 3.4.07