| Author |
 Topic  |
|
|
Richlizard
Starting Member
16 Posts |
 Posted - 17 June 2017 : 11:19:59
|
Hi all.
We are in a bit of a pickle over at www . krackedkings . com
Our web site has been hacked and a virus put in place. We cannot access our site and the host has told us our best option is to wipe the server clean and start again - after 12 years of running the forum within our site, so thereby losing all our threads and memories of trips all around the world!!
We are now really clutching at straws and almost as a last resort we were wondering if our actual forum would remain intact within our web site? In other words, as we are using a Snitz forum is there a chance we could access it outside of our actual site which contains many other things outside of the forum.
I appreciate I may be sounding daft with this request, but we are getting really desperate.
Thanks in advance for any help.
Richard |
|
|
HuwR
Forum Admin
United Kingdom
20611 Posts |
|
|
HuwR
Forum Admin
United Kingdom
20611 Posts |
|
|
Richlizard
Starting Member
16 Posts |
Posted - 18 June 2017 : 06:42:48
|
quote:
Originally posted by HuwR
do you have ftp access to the site?
what type of database were you running it on?
It is very unlikely that the forum code/database has been infected with a virus, so can probably be recovered if you have access to the files.
Please don't panic  and do anything rash like wipe everything. My server was compromised a few weeks ago and all the files encrypted but I managed to recover everything
Hi Huw and thanks for the reply.
The virus was the same one that got to the NHS - Wannacry. Our hosts - Fasthosts - say it is nothing to do with them. They said it was our fault for not having a backup service with them. Strangely they attempted to use a backup they had but when it failed, they deleted it!!!
I managed to log in to the server initially and appeared to remove the virus, but it had to be restarted. Once it restarted, I could no longer log in due to a group policy issue. Fasthosts told us this was due to there being multiple accounts including one called IISUSER_ACCOUTXX. They told us our 'simplest' option was to wipe the server clean and start again... losing 12 years of threads and memories. They said this was because they could not get into the server any other way.
I of course questioned how on earth they knew of this rogue account if they could not get into the server and why we would want the 'simplest' option if this meant us losing everything. In addition of course, why would we wipe everything clean and then remain with them if they are open to attack and do nothing to help us!!!
Unfortunately, I am not too experienced with servers and databases as it was set up by my partner who left years ago. So no idea if we can gain FTP access and as Fasthosts have given up on it, no idea if I did or did not remove the virus.
So I am sure you can see why coming here was a last resort in a thin hope that the forum might be accessible outside of our site which included many other things.
Sorry if that is a little long-winded but this has now been going on for weeks. |
 |
|
|
HuwR
Forum Admin
United Kingdom
20611 Posts |
|
|
Richlizard
Starting Member
16 Posts |
Posted - 18 June 2017 : 13:44:03
|
| Thanks anyway |
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 22 June 2017 : 19:47:49
|
So the files got encrypted, but what about the database? It encrypted that too?
|
Support Snitz Forums
|
|
|
|
HuwR
Forum Admin
United Kingdom
20611 Posts |
|
|
golfmann
Junior Member
United States
450 Posts |
Posted - 23 June 2017 : 12:15:59
|
You should write an article on how to beat ramsomeware...
Could come in handy :)
|
|
|
|
HuwR
Forum Admin
United Kingdom
20611 Posts |
|
|
golfmann
Junior Member
United States
450 Posts |
Posted - 23 June 2017 : 17:21:53
|
That's why I ended up buying a whole new rig...
I figured there was SOMETHING lurking somewhere.
Superstitious, I guess...
(Plus, it was a good excuse to upgrade) :)
|
|
|
| |
Topic |
|
