Topic: Yay for getting hacked!

Okay, so I know I should keep up with the patches... and I know I should back up regularly... but, of course, I didn't. Now, I pay.

Long story short, I'm running OS X 10.3 server, have all the latest updates for that. Running PunBB 1.2.2, two security updates behind. Also have the backup admin plugin, but here is the problem. I'm no longer an admin. I have nightly backups of the drive, but I don't want to resort to that. Is there any way I can manually make myself an admin, or insert an admin account?

I have since blocked the IP and domain the guy (girl?) came in through, so I don't anticipate anything for a little while, at least. (I did a simple .htaccess block)

Now, I have all the forums and threads deleted, and my admin account is .. well .. not an admin account. :P

How do I make one? I have full access to the 'server' - it's just a Yosemite G3 sitting on my table.

Thanks in advance,

-Tim

Re: Yay for getting hacked!

Shit, that sux big time. I hope, and I am sure, someone will help you out.

Re: Yay for getting hacked!

Oh, and another thing:

I also back up my hard drive nightly (or, at least, I'm supposed to be, I never really checked whether it kept the midnight schedule after I ran the backup once...) and should have the actual MySQL database file backed up.

Where is that file? Methinks I can just replace the database file itself, and be done with it. That's the only part of my server that was compromised, as far as I can tell...

-Tim

Re: Yay for getting hacked!

If you have phpMyAdmin, just go in, and change group id to 1 for your username under users.

Re: Yay for getting hacked!

Unfortunately, I do have it installed but it's not properly configured, and my attempt at getting it to run gave me nothing but a "MySQL said: [ ? ]
#1045 - Access denied for user: 'admin@192.168.10.250' (Using password: YES)" error.

:shrug:

Can I edit the db through vi or something? :P

-Tim

Re: Yay for getting hacked!

Actually, silly me, I deleted the last version of phpMyAdmin, and downloaded a new one.

I actually read the instructions this time, and followed them, and now it works. I changed the group_id to 1, and lo and behold, I'm an admin. Thanks a whole lot, I'm trying to restore the dB as we speak.

<3

-Tim

7 (edited by Ataxy 2005-03-31 04:53)

Re: Yay for getting hacked!

Good, let us know how it goes. Oh, and by the way, what's your site about?

Re: Yay for getting hacked!

The site in question is our guild, The Iron Curtain, for the World of Warcraft (played on the Shattered Hand server.) It's kind of a shame, since there are about 100 regular visitors to our site, and all this data seems to be lost.

Well, this is how it goes: I tried to Restore from File in the DB Management pane, and I keep getting errors. I have both .gzip compressed and .txt backup files, and those don't seem to work.

I've since updated to 1.2.4, so I hope the exploit the guy/girl was using is no longer there. I have a good idea of who it is, but for practical purposes, I'll let that idea stay in my head for now.

Anywho, I'll keep tinkering with it. The worst news (for me) is that I found out that the nightly backups never occurred, and the last manual backup (that won't work anyway) I had was February 27th. :x

Some people are going to be mad. :D

-Tim

Re: Yay for getting hacked!

Now, my next question: any way to un-delete tables and rows that have been deleted? Do they get flagged for deletion much like the bits on a hard drive, or is it a one-way process? I don't suppose there's a 'trash can' feature in phpMyAdmin? :(

-Tim

Re: Yay for getting hacked!

I don't think so. You should be able to restore database backups directly from phpMyAdmin. If you still have problems, come to #punbb @ irc.quakenet.org on IRC if you can, and I can help you.

Re: Yay for getting hacked!

The thing is, I made the backups through your DB admin, not phpMyAdmin. I only got that installed and running today.. :x

-Tim

Re: Yay for getting hacked!

Yeah, but you can still restore them through phpMyAdmin.

Re: Yay for getting hacked!

How? I can only see how to back up a file, I don't see a way to upload the .sql file...

-Tim

Re: Yay for getting hacked!

I got hacked, too. Yes, before the latest update - I had just found out about the update a day before, put it off and this happens >.< Teach me to put these things off.

A guy broke into the board, made himself admin, and then deleted all my forums but one, which he put obscene messages in. I couldn't figure out how to get my admin status back, so I deleted all the files and old db.

I did get the last db backup re-installed, and a backup of my files back up. The board would technically be good as new now, but I ran into a few snags. The updated version won't install, but I think I found another thread here dealing with that problem (some error about the version I'm running not being compatible), so I'll check that out first before rehashing it here.

Anyway, I just wanted to say, you weren't alone in being hacked. And there is a way to upload the sql file. In phpMyAdmin, you should see tabs along the top once you select a db to look at. Second tab should say SQL. Click that. There you see two options. You can paste your sql file into the box, or use browse to find it on your comp. Mine took a LONG while to load, so just wait til it does. You also have to delete your old db first for it to not show errors when it's done. Hope that helps.