MyBB Community Forums

Hi artmartin,

yeah just go to http://www.phpmyadmin.net/home_page/index.php and download it to backup (export) your database if this happens again.

I will let you know if I am able to get it restored.

I exported csv format, but I can't seem to restore it.

BTW it appeared as though the user logged in with a regular username as the UID was 15 and then gained access to admin privilages.

Here's a little info from the phpmyadmin help doc.

[6.4] How can I backup my database or table?
Click on a database or table name in the left frame, the properties will be displayed. Then on the menu, click "Export", you can dump the structure, the data, or both. This will generate standard SQL statements that can be used to recreate your database/table.

You will need to choose "Save as file", so that phpMyAdmin can transmit the resulting dump to your station. Depending on your PHP configuration, you will see options to compress the dump. See also the $cfg['ExecTimeLimit'] configuration variable.

For additional help on this subject, look for the word "dump" in this document.

[6.5] How can I restore (upload) my database or table using a dump? How can I run a ".sql" file.
Click on a database name in the left frame, the properties will be local displayed. Then in the "Run SQL query" section, type in your dump filename, or use the Browse button. Then click Go.

For additional help on this subject, look for the word "upload" in this document.

Thanks. God Bless.

Aaron.

I don't think phpMyAdmin can restore CSV format. I believe it only takes SQL.

Hi Dennis,

So it can export CSV but not restore from it?

Thanks. God Bless.

Aaron.

aaroncavanaugh2 Wrote:Hi Dennis,

So it can export CSV but not restore from it?

Thanks. God Bless.

Aaron.

Yeah, I think that's how it works, but personally I don't backup to CSV so I haven't tried importing something with CSV.

Hi Dennis,

I think you can import from CSV. The error I got comes from php.ini settings being too low to allow the entire file to upload.

Thanks for your help everyone. God Bless.

Aaron.

Are you on a hosting account through some webspace provider? If so, you should ask them to up that limit for you. If not, tell me and I'll look up what you have to do in php.ini.

Oops, sorry I was wrong, apparently you can import CSV from 'Insert data from a textfile into table'. Didn't know that existed

I want to thank the developers of this board for writing code that does not remove the data for all threads and posts when a forum is removed by an administrator. The hacker removed all my forums but the thread, post, and user data still existed in the SQL tables. I made copies of all those tables and then initialized the board with the latest patches. I then did manual restores of the tables and I'm back in business.

I was unaware of the need to do backups of my SQL data. I wrongly assumed that the hosting service, since they actually provide the MYSQL server, were doing backups and I could rely on them. I'll get into the procedures today and make sure I have full backups.

Thanks to everyone that responded to this. What in the world possesses someone to randomly attack innocent boards like this? The guy's message had something to do with his distaste for Microsoft web hosting areas but I'm not a Microsoft operating system proponent. Heck, I'm a developer myself and have been dumped on by MS myself many times having to completely rewrite legacy applications when Bill Gates and his crew decided to go off in another direction. That said, I would never attack some MS user just because I have problems with the company. How absolutely childish and criminal.

My board has no political discussion on it, simply user support for a software product and sharing of ideas and comraderie. What a strange choice for a target. Is there any chance of going after this guy by his IP address? What are the options under the law? Maybe a word into Homeland Security might make his life a bit testy.

Art Martin

You'd be surprised how some saddos get their kicks. I remember once coming across a website for OpenBB exploits where it detailed the security flaw, and then explain how a quick google search for "Powered by OpenBB" will turn up plenty of targets.

It really is that mindless. I personally replace my copyright tags with images so they at least can't use that particular method to find me. Backups are a total must though, since you really can't rely on anything internet-related.

Hey all,

I've been just looking MyBB as a replacement for phpBB, but I'm kind of worried about the above reports. Have the vulnerabilities identified which caused the above 'hacks'?