News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Someone hacked my forum.

Started by MESWEB, July 22, 2014, 03:21:33 PM

Previous topic - Next topic

MESWEB

He just reset my forum  8) congratulations. I need more - can You reset my forum every day ;D.
I'll be grateful  :laugh:

Administrator logs display:
Update forum to version    Today on 18:06:00   Guest Guest   127.0.0.1

kat

* K@ doesn't understand this topic.

Justyne

Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better.

MESWEB

#3
Quote from: K@ on July 22, 2014, 03:23:27 PM
* K@ doesn't understand this topic.

How You can understand this topic when You can't understand subject "Someone hacked my forum"?

Edited for flaming.  Please don't insult people.  Thank you -Iris.

Justyne

Please don't treat our staff like this.

Just because I could discern meaning does not mean your English was easy to understand. I get that you're upset right now with your site hacked, but don't bark at K@ for it.
Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better.

kat

Thanks for being so friendly.

Again.

I understood the "Hacked" bit.

The rest, though, was... erm... Odd.


MESWEB

Quote from: Justyne on July 22, 2014, 03:24:14 PM
http://wiki.simplemachines.org/smf/I_think_I_have_been_hacked

Please follow this guide.
Thanks. I have Direct Admin on my host. Can I found there any useful info about hacker, like IP or something like this?

Ninja ZX-10RR

As a sidenote, if you were on my forum and posted like this, again (this is not the first time) you would have seen a 503 error the following time.
Quote from: BeastMode topic=525177.msg3720020#msg3720020
It's so powerful that on this post and even in the two PMs you sent me,you still answered my question very quickly and you're apologizing for the delay. You're the #1 support I've probably ever encountered man, so much respect for that. Thank you, and get better soon.

I'll keep this in my siggy for a while just to remind me that someone appreciated what I did while others didn't.

♥ Jess ♥

STOP EDITING MY PROFILE

kat

Quote from: MESWEB on July 22, 2014, 03:39:09 PMThanks. I have Direct Admin on my host. Can I found there any useful info about hacker, like IP or something like this?

Do you have access to raw access logs?

ARG01

#9
Quote from: MESWEB on July 22, 2014, 03:29:42 PM
Quote from: K@ on July 22, 2014, 03:23:27 PM
* K@ doesn't understand this topic.

How You can understand this topic when You can't understand subject "Someone hacked my forum".

I actually didn't understand your jibberish either. You're lucky, if I had the power of K@, I would not only have locked the topic but probably banned you as well simply because of your extremely poor attitude and disrespect when asking for "help".   ???


Edited the quoted message. -Relyana
No, I will not offer free downloads to Premium DzinerStuido themes. Please stop asking.

MESWEB

Quote from: K@ on July 22, 2014, 03:41:18 PM
Quote from: MESWEB on July 22, 2014, 03:39:09 PMThanks. I have Direct Admin on my host. Can I found there any useful info about hacker, like IP or something like this?

Do you have access to raw access logs?

Where I can find RAW access logs in Directadmin?

kat

No idea, I'm afraid.

In CPanel, it's fairly obvious. If you don't have that...

http://forum.directadmin.com/archive/index.php/t-530.html

MESWEB

I find logs in ftp on my domain. File name "July-2014.tar.gz" "July-2014.tar.gz.1" "July-2014.tar.gz.2" "July-2014.tar.gz.3" "July-2014.tar.gz.4" inside is file called "obeznany.pl.log.1". I think this is the file what I looking for.

kat

Got to be worth having a look! :)

MESWEB

Quote from: K@ on July 22, 2014, 03:57:36 PM
Got to be worth having a look! :)

This is are last date in file log "22/Jul/2014:00:23:47 +0200"  >:( What now? I need wait to update file tomorrow?

kat


MESWEB

I found something strange. I notice entering to my site from:
QuoteAmsterdam, Noord-Holland, Nederland, host name Installatron

Why Installatron are reset my file? I install SMF from Installatron couple months ago.
Now I need to close access from Installatron. What I need to do? Install clean version of SMF manually?

Kindred

Flavio and SimpMode...  Unhelpful in the extreme,

MESWEB,
You have done this several times now... posting something and also some bit of gibberish and assuming we can read your mind for what you ACTUALLY meant.
Try communicating clearly and you can avoid all the stuff at the beginning of this thread.

We get that you were hacked.
Sorry to hear that.
Still not sure exactly what you expect us to do about it...
especially if you are running your own server...
One assumes that - if you run your own server, you know how to protect it and, if it is compromised, know how to re-secure it while you investigate the logs on how the attacker got in.
If you don't know those two things... WHY THE HECK are you running your own server at all? That's one of the main reasons the rest of us PAY someone who IS knowledgeable to run/manage our servers.

FYI: logs, in general are only saved to the log directory at the end of each day...

You never did say exactly what you meant by "he reset my forum".
Reset it how?

also, information is the key word here...
what SMF version?
What is your URL?
Who is your host (or do you actually run the server out of your house?)
What mods are you running?
Are you running anything else on that server other than SMF?
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Ninja ZX-10RR

Yes Kindred sorry for being unhelpful once.
This guy already started another topic being very angry with all the staff for no reason forgetting the fact that none of you is paid and we are only volounteers here. He has been extremely rude and my post was just to let him know (first time happening here) that I will refuse to help in this case for being treated as a useless slave.
Feel free to help people while they throw crap at you but sorry if I don't want to do it. I don't pretend anyone to say "omg thanks you are #1" but being treated as a slave and then supposed to answer kindly anyhow? Please no. I'm just done with this guy that's it. You are the PM you deal the moderating actions :) but let me tell you that as a free user seeing a post like this with a guy treating the staff like that is ugly. IMHO.
Quote from: BeastMode topic=525177.msg3720020#msg3720020
It's so powerful that on this post and even in the two PMs you sent me,you still answered my question very quickly and you're apologizing for the delay. You're the #1 support I've probably ever encountered man, so much respect for that. Thank you, and get better soon.

I'll keep this in my siggy for a while just to remind me that someone appreciated what I did while others didn't.

♥ Jess ♥

STOP EDITING MY PROFILE

Kindred

Flavio,

It's one thing for a member of the staff to make that comment (still somewhat inappropriate though)
However, if you know that you have an issue with the poster...  and don't feel like responding because of an attitude, then don't respond... :D
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Advertisement: