Forum was hacked.

[DarkGizmo]

So on April 13th my forum was hacked and I lost roughly 500 posts in the matter of seconds. We're not sure how the hacker got in whether it was through the server itself (host security breach?) or the IPB. I checked the logs and couldn't find anything in the admin panel which means they probably did it through the database itself. I found a strange file in my site's root so i deleted it and changed all of my passwords and such. I archived off my IPB and thinking quickly, decided my safest bet for security was to keep the IPB archived for read only and to move to a different platform. I know what everyone's probably gonna say "wtf?" but I ended up moving to ZetaBoards and starting over from scratch.

 

There's a few drawbacks to this but there's also a few positives as there is with every forum software I'd imagine. I paid $7.99 for their premium version which gave me a few more features and stuff which is nice and for that price ya can't really go wrong. We've just opened officially to the public again and we're already halfway to 1k. Where i had IP.content before, I now have wordpress with a professional theme suited for my site which only cost me $37. I'm also getting a custom theme made for the new forums which now live at http://forums.revillution.com. So for all that it cost me $75 to get my site back up and running......Not too bad.... On the plus side, it costs $50 for upgrades + support from IPB each year.

 

members seem to be coming back and I know we'll get back to where we were previously, eventually.

[ChuckTesta]

Sucks that you were hacked. Good to hear you are back up and running. You never said what the ending reason was for them to hack you. Could it be possible that you installed something by accident? Maybe a hiccup on the server side? Seems odd that posts were removed, and nothing else touched. Usually hackers don't just delete a few posts... Especially as few as 500. If you have multiple admin, I'd restrict their privileges. If money isnt an issue, have a server optimized and setup correctly. Follow the 3-2-1 backup rule, and watch the forum thrive!

[DarkGizmo]

Sucks that you were hacked. Good to hear you are back up and running. You never said what the ending reason was for them to hack you. Could it be possible that you installed something by accident? Maybe a hiccup on the server side? Seems odd that posts were removed, and nothing else touched. Usually hackers don't just delete a few posts... Especially as few as 500. If you have multiple admin, I'd restrict their privileges. If money isnt an issue, have a server optimized and setup correctly. Follow the 3-2-1 backup rule, and watch the forum thrive!

Yeah. I only have 1 other admin now who has full access, 3 others that only have access to their respective modification blocks (that they made) and none of those 3 were on in awhile so I doubt it was them. It seemed like just a random attack to be honest. I'm on Zetaboards now and probably going to stay there since I don't feel like moving everyone back over and whatnot, that'd certainly piss a lot of people off. I did have backups but the thing with my backups was, I have a cronjob run at 1am every morning and the posts were made from 6pm to 9pm that night, and were deleted sometime after 9:30 so a backup wouldn't have saved us either way.

[ChuckTesta]

So only posts made those three hours were lost?

[DarkGizmo]

It would seem that way, yes.

[ChuckTesta]

That was def an issue with the server.

 

500 posts in 3 hrs... Must be nice!!!

 

Anyway, glad to see you've found a new host and are liking them.

[Nathan]

That sucks, sorry to hear!

 

Yeah I don't see an easy way to delete only the posts in the last three hours via the AdminCP. Possibly they guessed your DB password or was it tough?

 

Who was your host and was it VPS/Dedicated/Shared Hosting account?

 

No backups then?

[DarkGizmo]

No backups that had those posts, backups would've basically put us in the same situation. It's shared hosting, Hawkhost and I still have them as they are powering my main site still.

 

Either way, Zeta seems to be treating us just fine thus far. I've seen a lot of fantastic themes for them recently by this girl named Sarah who also goes by Kik. She agreed to make me a custom theme for $30

[Nathan]

Is Zeta it's own forum software?

 

I would be interested in finding out what ended up happening. Makes me nervous here now...

[DarkGizmo]

Is Zeta it's own forum software?

 

I would be interested in finding out what ended up happening. Makes me nervous here now...

Zeta is a free forum host/provider made by the same people who created InvisionFree many years ago. I'm not quite sure what happened but if it was a security breach with the server wouldn't they have messed with the other sites I had on my account and not just the forum? :\ That's what makes me nervous.

[Nathan]

Yeah you would think so...but if they could hack IP.Board I would think there would be more hacked forums such as IPB support forums itself.

 

Were you on the most current version? Did you patch a month or two ago when there was that exploit fix on 3.2?

[DarkGizmo]

Yeah you would think so...but if they could hack IP.Board I would think there would be more hacked forums such as IPB support forums itself.

 

Were you on the most current version? Did you patch a month or two ago when there was that exploit fix on 3.2?

I was on 3.2 and yes I patched which is why I was confused as to why or how it happened....

[bryce12]

Sorry to hear that you had to face such a situation. How is your experience with Zeta so far?

[DarkGizmo]

Sorry to hear that you had to face such a situation. How is your experience with Zeta so far?

It's actually not bad. Really don't have anything to complain about with it. :-D

[Sherlock]

That sucks mate! Hope your forums get back to there former glory soon. Good luck!

[tetutato]

Zetaboards? Are they really that great? I've heard of them like once when people are talking about the best forum software, etc.

[DarkGizmo]

Zetaboards? Are they really that great? I've heard of them like once when people are talking about the best forum software, etc.

They are decent if you're looking for a quick and free solution. I moved back to IP.Board since starting this threa dand found out it wasn't necessarily because of a hack. My host did a few migration thingies and caused me to lose some data. I had a messed up DB then so what I did was a clean install of the software and started fresh. So far so good.

[dexterlablab1]

That sucks bad. I know how you feel because I went through something very similar with my site. In fact, my hack incident is what taught me the importance of backing up my site daily.

[DarkGizmo]

Yeah. I get backups emailed to me daily at 1am now.

[ridwan sameer]

I hate to be THAT guy.

But is it kinda ironic that your site is down now?

But having your site hacked is no reason to blame IPB and switch forums... But then i see it's a DB and hsot issue

So are oyu back to IPB now?

[Marc]

think if I had started my forum over again twice I would have just called it a day LOL

[alash]

It isnt good when you are hacked. Always make sure you have backups and that all software on the server is up to date. Some people don't seem to update their software and is it is suprising how sometimes when people are hacked that it's down to the software.

[alash]

And weak passwords ( sometimes )

[Soulwatcher]

It isnt good when you are hacked. Always make sure you have backups and that all software on the server is up to date. Some people don't seem to update their software and is it is suprising how sometimes when people are hacked that it's down to the software.

I 100% agree it amazes me how long some people go with out updating their software. There are tons of bots on the internet probing for outdated software and its over once they find your website. And the next day the owner wakes up scratching their head wondering what happened.

 

Greg

[Bravosi]

This is terrible, I wonder how it was hacked and by who... For sure, it was the failure of the server.