Jump to content

Forum was hacked.


DarkGizmo

Recommended Posts

So on April 13th my forum was hacked and I lost roughly 500 posts in the matter of seconds. We're not sure how the hacker got in whether it was through the server itself (host security breach?) or the IPB. I checked the logs and couldn't find anything in the admin panel which means they probably did it through the database itself. I found a strange file in my site's root so i deleted it and changed all of my passwords and such. I archived off my IPB and thinking quickly, decided my safest bet for security was to keep the IPB archived for read only and to move to a different platform. I know what everyone's probably gonna say "wtf?" but I ended up moving to ZetaBoards and starting over from scratch.

 

There's a few drawbacks to this but there's also a few positives as there is with every forum software I'd imagine. I paid $7.99 for their premium version which gave me a few more features and stuff which is nice and for that price ya can't really go wrong. We've just opened officially to the public again and we're already halfway to 1k. Where i had IP.content before, I now have wordpress with a professional theme suited for my site which only cost me $37. I'm also getting a custom theme made for the new forums which now live at http://forums.revillution.com. So for all that it cost me $75 to get my site back up and running......Not too bad.... On the plus side, it costs $50 for upgrades + support from IPB each year. :P

 

members seem to be coming back and I know we'll get back to where we were previously, eventually.

Link to comment
Share on other sites

Sucks that you were hacked. Good to hear you are back up and running. You never said what the ending reason was for them to hack you. Could it be possible that you installed something by accident? Maybe a hiccup on the server side? Seems odd that posts were removed, and nothing else touched. Usually hackers don't just delete a few posts... Especially as few as 500. If you have multiple admin, I'd restrict their privileges. If money isnt an issue, have a server optimized and setup correctly. Follow the 3-2-1 backup rule, and watch the forum thrive! :)

Link to comment
Share on other sites

Sucks that you were hacked. Good to hear you are back up and running. You never said what the ending reason was for them to hack you. Could it be possible that you installed something by accident? Maybe a hiccup on the server side? Seems odd that posts were removed, and nothing else touched. Usually hackers don't just delete a few posts... Especially as few as 500. If you have multiple admin, I'd restrict their privileges. If money isnt an issue, have a server optimized and setup correctly. Follow the 3-2-1 backup rule, and watch the forum thrive! :)

Yeah. I only have 1 other admin now who has full access, 3 others that only have access to their respective modification blocks (that they made) and none of those 3 were on in awhile so I doubt it was them. It seemed like just a random attack to be honest. I'm on Zetaboards now and probably going to stay there since I don't feel like moving everyone back over and whatnot, that'd certainly piss a lot of people off. I did have backups but the thing with my backups was, I have a cronjob run at 1am every morning and the posts were made from 6pm to 9pm that night, and were deleted sometime after 9:30 so a backup wouldn't have saved us either way.

Link to comment
Share on other sites

  • Administrators

That sucks, sorry to hear!

 

Yeah I don't see an easy way to delete only the posts in the last three hours via the AdminCP. Possibly they guessed your DB password or was it tough?

 

Who was your host and was it VPS/Dedicated/Shared Hosting account?

 

No backups then?

Link to comment
Share on other sites

No backups that had those posts, backups would've basically put us in the same situation. It's shared hosting, Hawkhost and I still have them as they are powering my main site still. :)

 

Either way, Zeta seems to be treating us just fine thus far. :) I've seen a lot of fantastic themes for them recently by this girl named Sarah who also goes by Kik. She agreed to make me a custom theme for $30 :D

Link to comment
Share on other sites

Is Zeta it's own forum software?

 

I would be interested in finding out what ended up happening. Makes me nervous here now...

Zeta is a free forum host/provider made by the same people who created InvisionFree many years ago. I'm not quite sure what happened but if it was a security breach with the server wouldn't they have messed with the other sites I had on my account and not just the forum? :\ That's what makes me nervous.

Link to comment
Share on other sites

  • Administrators

Yeah you would think so...but if they could hack IP.Board I would think there would be more hacked forums such as IPB support forums itself.

 

Were you on the most current version? Did you patch a month or two ago when there was that exploit fix on 3.2?

Link to comment
Share on other sites

Yeah you would think so...but if they could hack IP.Board I would think there would be more hacked forums such as IPB support forums itself.

 

Were you on the most current version? Did you patch a month or two ago when there was that exploit fix on 3.2?

I was on 3.2 and yes I patched which is why I was confused as to why or how it happened....

Link to comment
Share on other sites

  • 1 month later...

Zetaboards? Are they really that great? I've heard of them like once when people are talking about the best forum software, etc.

They are decent if you're looking for a quick and free solution. :) I moved back to IP.Board since starting this threa dand found out it wasn't necessarily because of a hack. My host did a few migration thingies and caused me to lose some data. I had a messed up DB then so what I did was a clean install of the software and started fresh. So far so good. :)

Link to comment
Share on other sites

  • 2 years later...

It isnt good when you are hacked. Always make sure you have backups and that all software on the server is up to date. Some people don't seem to update their software and is it is suprising how sometimes when people are hacked that it's down to the software.

Link to comment
Share on other sites

It isnt good when you are hacked. Always make sure you have backups and that all software on the server is up to date. Some people don't seem to update their software and is it is suprising how sometimes when people are hacked that it's down to the software.

I 100% agree it amazes me how long some people go with out updating their software. There are tons of bots on the internet probing for outdated software and its over once they find your website. And the next day the owner wakes up scratching their head wondering what happened.

 

Greg

Link to comment
Share on other sites

  • 4 years later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...