Hacked last night

**Onimua** · Thu 28 Jun '07, 12:51am

Do you have any customizations such as file edits/plugins? Is your password easy to guess (did you also change it after the hacking?)? Have you spoken with your host to check the server logs to see where the points of entry could have come from?

**rady** · Thu 28 Jun '07, 1:38am

the attack came from saudi arabia, i checked the adminlog from mysql and noticed that besides deleting 2 users (both admins) and editing the forumhome template, he also edited the faq and the suergroups.
my password could have been guessed, i'm sure. I have afew file edits but notjing important. The user that created this, was apparently registered on july 2 2006 when i was still under phpBB. the thing is he deleted my username that had +2000 posts. Is there anyway to restore that? what tables must be altered?

**Onimua** · Thu 28 Jun '07, 1:54am

The only way to restore the database is to upload an old backup. There's no telling what other kind of access he may have had as well, so I would suggest changing all your passwords that are associated with the site.

**jluerken** · Thu 28 Jun '07, 3:09am

You should put your admin accounts in the config.php so that attackers cannot alter/delete your main admin accounts.

**rady** · Thu 28 Jun '07, 6:10am

How do i do that?

**Onimua** · Thu 28 Jun '07, 6:20am

Originally posted by rady

How do i do that?

In includes/config.php:

PHP Code:


    //    ****** UNDELETABLE / UNALTERABLE USERS ****** 
    //    The users specified here will not be deletable or alterable from the control panel by any users. 
    //    To specify more than one user, separate userids with commas. 
$config['SpecialUsers']['undeletableusers'] = '';

Look for that section, and then put all administrator UserIDs in the ''.

Hacked last night

Hacked last night

Comment

Comment

Comment

Comment

Comment

Comment