Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
giantmidget
Regular
Regular


Joined: Nov 27, 2005
Posts: 53

PostPosted: Sun Nov 27, 2005 4:23 pm Reply with quote

My site is up to date, patched out th wazooo. 7.6 2.3.1 patch 2.0.0.18 forums, and 2.4.2 sentinel

I just now found how my forums were being deleted. Somehow, a someone I made a moderator a few years ago still had moderator powers. I have not seen this person on in 2 years. I never saw them in the moderator groups anymore and thought I had long since removed them.

I banned the IP's

207.172.238.74
207.42.94.135
I do remember this person having AOL, so a problem there.


and deleted the username. IP tracker showed them doing lots of things like this:

/phpnuke/modules.php?sid=80fa6d4a98c63828d3b0fd0dca32241a&mode=delete&f=28&topic_id_list=Array&confirm=Yes

Now I have a small problem. I need to make sure ALL moderators and admins except myself are definitely gone. And I need to restore my database without RE-Allowing this person back.

I was literally watching my forum posts disappear a few minutes ago.

Could use some fast help ??? Please ?
 
View user's profile Send private message
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Sun Nov 27, 2005 4:50 pm Reply with quote

Normally it´s better to change the password and the email instead of deleting the username. But I´m wondering when you delete his uname how he is able to log in ? The only reason I can imagine is that he used an old session, but he would get something like "I don´t like you". However, I quess you only have to check the database and all the settings for admin,mods and groupmods.


Last edited by Susann on Sun Nov 27, 2005 4:53 pm; edited 1 time in total 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Sun Nov 27, 2005 4:51 pm Reply with quote

Use NukeSentinel to shut your site down, for starters. I'll post more in a following post.
 
View user's profile Send private message
Raven
PostPosted: Sun Nov 27, 2005 5:00 pm Reply with quote

Now, with your site locked down, you should be able to do your restore. The moment it is restored, make sure that NukeSentinel still has it locked.

Then, use phpMyAdmin and edit his user record and change his user_active to 0 (ZERO), his user_level to 1, and his email to your email address or a bogus email. Make sure he is not in your nuke_authors table. Make sure he is not in your NukeSentinel admin table. Under Forum Admin User Management, make sure his username does not have any individual permissions. And, make sure that the username is not a member of any special forum groups.
 
Raven
PostPosted: Sun Nov 27, 2005 5:02 pm Reply with quote

Also, use phpMyAdmin and run this query
Code:
SELECT username, user_id, user_active, user_level FROM nuke_users WHERE user_level NOT IN(0,1)

That will give you a list of anyone with special user levels.
 
giantmidget
PostPosted: Sun Nov 27, 2005 5:04 pm Reply with quote

k, its disabled. Thats a nice feature hehe. The name deletion and IP banning came within minutes of this post, and so far, nothing further has been disturbed, but they managed to delete approx. 3/4 of all the posts.

I downloaded a backup immediately after I made all updates earlier today securing the site. How difficult would it be to restore only forum posts ? I would like to keep all IP bans, user dletions I made etc.

THANKS !
 
giantmidget
PostPosted: Sun Nov 27, 2005 6:02 pm Reply with quote

Thanks for the help - I restored the entire site, and also restored current Sentinel files with all blocks, then made user changes to that user. Now that user who uses the same name on many many sites, will be infamous.

You can view their eulogy here: ginnypotter.com

Thanks for the help - at least through all of this, I secured my site against outside hackers. I have no idea how this legacy moderator remained, or how they had previously been able to remove all other mods but myself before all the updates.
 
Raven
PostPosted: Sun Nov 27, 2005 6:29 pm Reply with quote

You could try replacing all your forum files with your latest backup to see if it retains the posts. You'd probably want to restore users also to keep the posts count in tact.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©