Ravens PHP Scripts: Forums
 

 

Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

Posted: Fri Sep 30, 2005 2:22 am

A friend of mine's Harry Potter site got hacked twice recently.
I have spent 2 days updating his site including patched and Sentinel - took so long because the site is very customised with 'group' based themes etc.
I think I have done everything I can except for one annoying side effect and that is, every news article that was posted has had the 'Posted By' name changed from the site admin to the hacker's handle.
I am probably tired or having a brain fart (probably both) but I don't seem to be able to locate where this data is stored in the DB.
Can anyone help me out with an update 'x' where 'y'='z' SQL query please, to update all news article poster IDs to that of the God admin ID?
 
hitwalker
Sells PC To Pay For Divorce



Joined:
Posts: 5661

Posted: Fri Sep 30, 2005 4:32 am

Well, I have those samples on my other computer, Guardian, but I'm on a laptop now... (picking up my computer in a few hours.. lol..)

But normally a fast fix would be an update on the table, like..
Code:

UPDATE table_name
SET column_name = 'adminname'
WHERE column_name = 'idiot hacker name';

Something like that...
But another easy fast fix would be to grab the news stuff and do a mass search and replace: search ...idiot hacker name... replace with admin name.
And done..
 
Guardian2003







Posted: Fri Sep 30, 2005 5:03 am

Thanks Hit - I don't suppose you know which table I could find this data in?
Been at this nearly 48 hours straight now and I'm sure my eyes are out on stalks lol.
 
hitwalker







Posted: Fri Sep 30, 2005 5:49 am

Well, looking at a new SQL file, I'm pretty sure it has to be "informant".
You will see that a few times,
like in nuke_autonews and in nuke_stories.
Back up before doing anything,
and check the contents inside to see if it is really changed.

But I don't understand one thing...
Nuke gets its info from settings and config entered into the system.
Are you sure the changes are in the database?
If so, you can easily proceed..
 
Guardian2003







Posted: Fri Sep 30, 2005 6:55 am

I am not sure to be honest, I'm finding it hard to concentrate with this banging headache.
I am guessing the username is stored in the DB as the hacker must have used some form of SQL injection to change the username from that of the God admin to his own after he managed to create an admin account himself.
I tried editing the articles manually but was unable to update the 'Posted By' username.
Seems I got finished just in time as Sentinel just whooped his ass and quite nicely revealed the exploits he used as well as his IP and a couple more he tried to proxy in off.

My friend is a bit happier now he has some updated security for the site - though it looks like yet another nuke site I'll end up monitoring and updating with latest patches/Sentinel etc.

I'm going to grab a couple of hours sleep and then take another look at this.
 
hitwalker







Posted: Fri Sep 30, 2005 7:02 am

Well, to be honest, it's not that smart working on a site if you feel like you do.... lol
It isn't that easy.
Sure, there are commands to replace all in the database, but I also did it in other ways.
Simple mass replace, but only if in your case all names are actually changed.
Get some sleep and continue when you feel better.. :)
 
Guardian2003







Posted: Fri Sep 30, 2005 7:45 am

Got it!!
Code:
UPDATE `nuke_stories` SET `aid` = 'goodusername' WHERE `aid` = 'hackersname';

Obviously 'goodusername' is the username of the God admin and 'badusername' is the one the hacker used.
Great, now I can go rest hehe.
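
As an added example (not part of the original thread and not PHP-Nuke's own code), the same fix can be run so that the tampered rows are saved first and the result is checked afterwards. `nuke_stories_tampered` is a hypothetical table name, `nuke_authors` with an `aid` column is assumed from a stock PHP-Nuke install, and the usernames are the thread's placeholders.

```sql
-- Added example: MySQL, run against the site's PHP-Nuke database.
-- 'goodusername' / 'hackersname' are the placeholders used in the thread.

-- 1. Confirm the change really is in the database: stories per poster.
SELECT `aid`, COUNT(*) AS stories
FROM `nuke_stories`
GROUP BY `aid`
ORDER BY stories DESC;

-- 2. The handle may also sit in the `informant` column mentioned in the
--    thread, in both tables that were named there.
SELECT COUNT(*) AS informant_hits
FROM `nuke_stories` WHERE `informant` = 'hackersname';
SELECT COUNT(*) AS informant_hits
FROM `nuke_autonews` WHERE `informant` = 'hackersname';

-- 3. Save the tampered rows before overwriting them. The copy is the
--    rollback path and a record of what the intruder changed.
--    (nuke_stories_tampered is a hypothetical name.)
CREATE TABLE `nuke_stories_tampered` AS
SELECT * FROM `nuke_stories` WHERE `aid` = 'hackersname';

-- 4. The fix from the thread.
UPDATE `nuke_stories`
SET `aid` = 'goodusername'
WHERE `aid` = 'hackersname';

-- 5. Check that no story is still attributed to the intruder's handle,
--    and compare against the number of rows saved in step 3.
SELECT COUNT(*) AS still_tampered
FROM `nuke_stories` WHERE `aid` = 'hackersname';
SELECT COUNT(*) AS rows_saved
FROM `nuke_stories_tampered`;

-- 6. The intruder created an admin account, so list the admin accounts
--    and look for any that should not be there.
--    Assumption: stock PHP-Nuke keeps them in nuke_authors, keyed by aid.
SELECT `aid` FROM `nuke_authors`;
```

On table types without transaction support the UPDATE cannot be rolled back, so the copy made in step 3 is the only way to undo it.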
 
hitwalker







Posted: Fri Sep 30, 2005 8:00 am

Nice....
Headache is gone.... lol
Well, now you have another site to update every time......
Don't forget to sleep...... ha... ha
 
All times are GMT - 6 Hours
 