Author Topic: Forum was NOT hacked  (Read 60 times)

Offline Josetann

  • admin
  • Administrator
  • Hero Member
« on: June 06, 2007, 04:14:44 PM »
At least it wasn't hacked in the way you think of a forum being hacked. Somehow they were able to impersonate members, but didn't actually get control of their account far as I can tell. They definitely didn't get any passwords (even if they did, they're encrypted in the database, making it useless). There were a couple of patches for the forum, nothing that seemed urgent but I went ahead and applied them. Made a backup of the MySQL database in case the trouble isn't over yet and they manage to screw things up more.

So to reiterate, yes they were able to change things in people's profiles (looks like just me, pureblood, and rugby), make some posts, an announcement, that's about it. I do have logs of everything that was done in the admin section, I saw two failed login attempts from their IP, nothing successful.

Offline greazee

  • Hero Member
« Reply #1 on: June 06, 2007, 04:20:58 PM »
I knew there was a reason he couldn't ban me lol


Did you happen to click a link someone sent you before it happened?
« Last Edit: June 06, 2007, 04:21:51 PM by Reazee »
Elite Anti-Scammer

Free MMing

IM: [email protected]


Offline Allanon

  • Moderator
  • Hero Member
« Reply #2 on: June 06, 2007, 04:21:35 PM »
[quote name='Josetann' post='336797' date='Jun 6 2007, 05:14 PM']At least it wasn't hacked in the way you think of a forum being hacked. Somehow they were able to impersonate members, but didn't actually get control of their account far as I can tell. They definitely didn't get any passwords (even if they did, they're encrypted in the database, making it useless). There were a couple of patches for the forum, nothing that seemed urgent but I went ahead and applied them. Made a backup of the MySQL database in case the trouble isn't over yet and they manage to screw things up more.

So to reiterate, yes they were able to change things in people's profiles (looks like just me, pureblood, and rugby), make some posts, an announcement, that's about it. I do have logs of everything that was done in the admin section, I saw two failed login attempts from their IP, nothing successful.[/quote]

Good to know, any way we can get the pinned topics back?




Well... That happened


Offline Pureblood

  • Hero Member
« Reply #3 on: June 06, 2007, 04:22:14 PM »
So he never had my pass? Because I clicked his link around 10:00 o'clock. Then around 2:30 he posted saying I got a new email and stuff, trying to scam people. Rugby is the one who did it in case you didn't know.
« Last Edit: June 06, 2007, 04:23:28 PM by Pureblood »
If you still want to contact me send a pm to me here i'll give personal msn.

MSN: Pureblood@rs2
mm.com

Total Amount of Money MMed and Item Transfered: 766 Mil

Total Amount of MM's and Item Transfers: 128

Offline Josetann

  • admin
  • Administrator
  • Hero Member
« Reply #4 on: June 06, 2007, 04:31:52 PM »
[quote name='Pureblood' post='336804' date='Jun 6 2007, 04:22 PM']So he never had my pass? Because I clicked his link around 10:00 o'clock. Then around 2:30 he posted saying I got a new email and stuff, trying to scam people. Rugby is the one who did it in case you didn't know.[/quote]

Well, rugby's profile was "hacked" too, so he may have just been a victim.  BTW I had to clear out a lot of stuff in your profile, you may want to go add the stuff back in that you want.

It looks more and more like he was able to be "logged in" as us, and could do anything we could do, except he couldn't get to the admin control panel.  The announcement thing he did, that's something I don't have to be logged into the admin cp to do.  Banning can only be done from the admin cp.

I have access to all the stuff he deleted, unfortunately there's no simple undelete button.  I'm not sure where it all goes.  I'm trying to figure it out now.

Offline Pureblood

  • Hero Member
« Reply #5 on: June 06, 2007, 04:46:24 PM »
OK, the pinned topics are back.
But we didn't have that many before.
All we had was one named: Rules!!! made by me.
Then there was an: Antiscammers thing. Made by Allanon. If you can't get them I'll try to remember what was in it. But thanks anyways.

Offline Josetann

  • admin
  • Administrator
  • Hero Member
« Reply #6 on: June 06, 2007, 04:59:15 PM »
All the pinned topics are back, though probably not in the right place. And please don't get upset if you see someone who posted in the wrong section in the past, it could have been my fault (I quickly scanned the threads and did many mass moves, I took special care to keep any posts for the Anti-Scammers in here). I also deleted a lot of posts made today, just in case.

Oh, and if you're paranoid (which can be a good thing) just log out and log back in. I enabled the Stronghold cookie, which will make it much harder for someone to hijack your cookies (well not really, but if they do and they're not in the same IP range as you, the cookie's no good for them). Now if you have an ISP that changes your IP a lot and it's just all over the place, you may have to log in more than usual, but oh well.
« Last Edit: June 06, 2007, 05:01:24 PM by Josetann »
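
The IP-range cookie binding described in the post above, as an added illustration (not part of the original post and not the forum software's own code): a second cookie carries an HMAC over the member id, session id and the client's network range, so a copied cookie replayed from another range fails validation. The key, function names, the /16 and /48 prefixes and the sample addresses are assumptions.

```python
import hashlib
import hmac
import ipaddress

# Constructed demo key; a real deployment would load a random secret from config.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"


def ip_range(ip: str, v4_prefix: int = 16, v6_prefix: int = 48) -> str:
    """Collapse a client address to the network range the cookie is bound to."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


def issue_binding_cookie(member_id: int, session_id: str, client_ip: str) -> str:
    """Return a second cookie value tying the session to the client's IP range."""
    msg = f"{member_id}|{session_id}|{ip_range(client_ip)}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def check_binding_cookie(member_id, session_id, client_ip, cookie) -> bool:
    """Recompute the binding from the request's source address and compare."""
    try:
        expected = issue_binding_cookie(member_id, session_id, client_ip)
        return hmac.compare_digest(expected, cookie)  # constant-time compare
    except (ValueError, TypeError):  # malformed address or cookie: fail closed
        return False


def demo() -> dict:
    # Constructed sample values (documentation address ranges).
    sid = "3f9c0e5ab1d24c77"
    cookie = issue_binding_cookie(42, sid, "198.51.100.23")
    return {
        "same_address": check_binding_cookie(42, sid, "198.51.100.23", cookie),
        "same_range_new_ip": check_binding_cookie(42, sid, "198.51.7.200", cookie),
        "other_range": check_binding_cookie(42, sid, "203.0.113.9", cookie),
        "other_member": check_binding_cookie(7, sid, "198.51.100.23", cookie),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

A request from inside the same range still passes the check, which is the limitation the post itself notes, and a user whose ISP moves them between ranges has to log in again.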

Offline Pureblood

  • Hero Member
« Reply #7 on: June 06, 2007, 05:18:34 PM »
OK, thanks for the info. Just to let you know I found the one pinned topic. And I am sure I will find Allanon's too. Thanks for all the help.
Hopefully it doesn't happen again.