2006-06-25, 04:07 PM
2006-06-25, 04:15 PM
If you could pm a copy of your sites raw access logs then we'll begin investigating the issue immediately.
As for your site, do you have a database backup you can restore, perhaps through phpMyAdmin?
As for your site, do you have a database backup you can restore, perhaps through phpMyAdmin?
2006-06-25, 04:21 PM
Musicalmidget Wrote:If you could pm a copy of your sites raw access logs then we'll begin investigating the issue immediately.I do have a back up (older though) but I am not sure how to do it. I created one. I tried to restore it and I got following error:
As for your site, do you have a database backup you can restore, perhaps through phpMyAdmin?
mySQL error: 1171
All parts of a PRIMARY KEY must be NOT NULL; If you need NULL in a key, use UNIQUE instead
Query: CREATE TABLE mybb_fc_bans ( `created` timestamp(14), `userid` int(11), `banneduserid` int(11), `roomid` int(11), `ip` varchar(16), PRIMARY KEY(created,userid) )How can I get RAW access log?
EB
2006-06-25, 04:26 PM
If you have access to cpanel or something similar, you can usually view and download access logs from there.
2006-06-25, 04:57 PM
Musicalmidget Wrote:If you have access to cpanel or something similar, you can usually view and download access logs from there.Yes, I do have cpanel but I was not successful in determining where the log file is actually present. MyBB has separate subdomain and general statistics is provided for entire domain not subdomain if anything.
Any suggestion about what should I do?
EB
2006-06-25, 05:51 PM
Quote:Steps
1 To access the Raw Access Logs menu, click on the icon above the words Raw Access Logs on the main screen of your cPanel interface.
2 Select the domain or subdomain you wish to view the logs for by clicking on its name below the words Please select a raw log to download:
3 Click on Save to save the log to the directory shown by your browser's save file window.
4 To view the log, open it in a zip program and unzip the file inside. Then use a text editor to open the log and view it.
2006-06-25, 08:56 PM
EuroBEAT, what happened to the site? Did the hacker create an account and do something, did they do an sql injection, did it redirect to another site, did they deface your forums, or do you not know?
2006-06-25, 09:02 PM
Tikitiki Wrote:EuroBEAT, what happened to the site? Did the hacker create an account and do something, did they do an sql injection, did it redirect to another site, did they deface your forums, or do you not know?Exploit was done thru localhost
I identified that definately mybb_forums module was affected. I had a month old back up and was able to replace it with the back up so forums are now displayed, however When you click on Forum links it gives you INVALID FORUM message. Also when in Admin CP and look at Manage Forums there is only one present called HACKED BY V4L1UM.
There was likely other things done, since I lost some pre-defined USER GROUPS I have created, so probably I will have no other choice than to revert to month old history.
I am not sure what exactly measures I can take.
EB
2006-06-26, 01:00 AM
Upgrade to 1.1.4. The hacker used the exploit which was patched in the release of 1.1.4 to compromise your board.
2006-06-26, 09:05 AM
Weird thing is with one of my boards, the hacker left a message saying to upgrade to 1.1.4.
The other, all the admin accounts were deleted.
The other, all the admin accounts were deleted.