Site is being hacked as we speak

Started by Kimmie, November 17, 2013, 01:56:01 PM


Chalky

Quote from: Kimmie on November 30, 2013, 10:29:43 AM
1. I need to delete publichtml folder.  ----- are there any other files I need to delete? If I have the large upgrade extracted on my pc I can go by that right?

No, don't delete the public_html folder, just what's inside it.  Except Settings.php, Settings_bak.php, attachments folder and avatars folder.  Make sure those four things are backed up to your computer just in case there's an accident (making sure Filezilla is in binary mode, if that's the FTP tool you're using).


Quote: 2. Once those are deleted, I highlight all upgrade files and upload. This will put them in their respective places

Everything inside the unzipped Large Upgrade thingy, yes, except the four things mentioned above.

Quote: 4. Run upgrade tool (point my browser to it). Once complete tell it to remove those files

No, you're not actually upgrading, just replacing your compromised files with clean ones.  There is no need to copy Upgrade.php file to your server at all.  If you already did, just delete it, you're done  :)

This is the guide you need to be following  http://wiki.simplemachines.org/smf/How_to_upload_a_fresh_set_of_files
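
An added example, not part of Chalky's post or of SMF: one way to check afterwards that the files on the server match the clean set, by comparing SHA-256 hashes of a local copy of the site against the unzipped package. The function names are hypothetical, and the directory layout and file contents in `demo()` are constructed.

```python
import hashlib
import os
import tempfile

# The four items the post says to keep; they are not part of the clean set.
PRESERVED = {"Settings.php", "Settings_bak.php", "attachments", "avatars"}

def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def hash_tree(root):
    """Map relative path -> SHA-256, skipping the preserved top-level items."""
    hashes = {}
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.relpath(dirpath, root) == ".":
            dirnames[:] = [d for d in dirnames if d not in PRESERVED]  # prune walk
            filenames = [f for f in filenames if f not in PRESERVED]
        for name in filenames:
            full = os.path.join(dirpath, name)
            hashes[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_of(full)
    return hashes

def compare_to_clean(clean_root, site_root):
    """Report files that differ from, are absent from, or are not in the clean set."""
    clean, site = hash_tree(clean_root), hash_tree(site_root)
    return {
        "modified": sorted(p for p in clean if p in site and clean[p] != site[p]),
        "missing": sorted(p for p in clean if p not in site),
        "extra": sorted(p for p in site if p not in clean),
    }

def demo():
    """Constructed sample: a site copy with one altered and one unexpected file."""
    def write(root, rel, data):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = os.path.join(tmp, "clean"), os.path.join(tmp, "site")
        for root in (clean, site):
            write(root, "index.php", b"<?php // clean index\n")
            write(root, "Sources/Load.php", b"<?php // clean loader\n")
        write(site, "Sources/Load.php", b"<?php // altered\n")
        write(site, "Themes/extra.php", b"<?php // not in clean set\n")
        write(site, "Settings.php", b"<?php // site config, preserved\n")
        return compare_to_clean(clean, site)

if __name__ == "__main__":
    print(demo())
```

The four preserved items are skipped, so the attachments and avatars folders still need a separate look for files that do not belong there. Anything from the package that was deliberately not uploaded shows up under `missing`.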

Kimmie

ok I will go by that page instead. Thanks :)

ok Here is my plan. Trying to upload backup for now. Not only will this give me the practice I need but it will get my forum back up for the time being. I figure since the host does not let me chmod, I have the time  lol

Then later tonight or first thing tomorrow I am going to wipe out forum files and upload upgrade. It means reinstalling mods, but I want to know that things are safe again and there is no telling where all he has that script.


Then I am going to rip my host a new a hole.

Then I will do a happy dance because hopefully my site will be back  lol

---------------------------------------------------

Backup upload has now been sitting here for about 10 minutes and shows the same as I posted above. I assume this should have already been finished? Going to let my other admin (yes, whom I trust), do it and see if she can get it done.

Kimmie

Quote from: ChalkCat on November 30, 2013, 10:38:14 AM
Quote from: Kimmie on November 30, 2013, 10:29:43 AM
1. I need to delete publichtml folder.  ----- are there any other files I need to delete? If I have the large upgrade extracted on my pc I can go by that right?

No, don't delete the public_html folder, just what's inside it.  Except Settings.php, Settings_bak.php, attachments folder and avatars folder.  Make sure those four things are backed up to your computer just in case there's an accident (making sure Filezilla is in binary mode, if that's the FTP tool you're using).


Quote: 2. Once those are deleted, I highlight all upgrade files and upload. This will put them in their respective places

Everything inside the unzipped Large Upgrade thingy, yes, except the four things mentioned above.

Quote: 4. Run upgrade tool (point my browser to it). Once complete tell it to remove those files

No, you're not actually upgrading, just replacing your compromised files with clean ones.  There is no need to copy Upgrade.php file to your server at all.  If you already did, just delete it, you're done  :)

This is the guide you need to be following  http://wiki.simplemachines.org/smf/How_to_upload_a_fresh_set_of_files

Sorry, did not see this before I made my post. Thanks for all the steps, newbies like me like steps :)

I can write this all down because I know I will need it again. :)

Getting ready to have my friend try and get the backup uploaded. Will keep you posted.

kat

I think you're going to have to be incredibly boring and backup everything, every evening, or something, for a while. Then, if that arsehole hacks you, again, you can restore from the previous day.

Your host SHOULD be your best help against this kinda thing, though. Maybe it's time to switch to a good host?

Kimmie

Well my norm is to back up every night and I almost always do. I have all current backups, however what I am doing now is going back to the 27th which is two days before this dude registered on my site. Not much was posted so it's no big loss. Not like it was last time UGH. I lost 18 days of posts with that one  lol

Friend is in the middle of working on upload. If this does not work, any suggestions on how I can get this done? I can't keep relying on host to do it.. they only backup twice a month it seems. (1st and middle). Using IE also if that helps you any.


kat

The terms "Security" and "IE" don't often get mentioned, in the same phrase, usually. Unless the word "Crap" is there, too. ;)

There are two usual ways to backup/restore the actual files. One is via CPanel>Backups. The other, is just using FTP.

The advantage of FTP, is that it can be done "File-by-file", rather than the CPanel way of doing the whole thing in one hit, with an archive. With FTP, should one file upload timeout, you can just retry that file.

The problem, nowadays, is that most ISPs have really slow upload speeds. My download speed is 10MB/s, although I'm only supposed to get 8. But, my upload speed's often less than a quarter of that.

I wonder if it's worth you asking if they offer R1-soft backups, via CPanel? Mine does that and I have instant backups that are done every day. If my site gets screwed, I can restore one of those backups in seconds. They seem to keep months of them, too, which is brilliant!

Kimmie

I know how to upload the forum files but how do I upload the database using FTP?

kat

You can't. :(

That's nowhere near as big as all the files, together, are, though. :)

Kimmie

Quote from: K@ on November 30, 2013, 11:56:09 AM
You can't. :(

That's nowhere near as big as all the files, together, are, though. :)

Oh ok, I misunderstood. I was referring to another alternative of getting my DB uploaded and you must have thought I meant forum files.

Just thought about something. Right now I have my forum turned off  (maintenance set to 2). Could this be why I cannot get the backup uploaded? Well, it seems to upload, it just won't restore

Host finally got back to me.. working with them now

Arantor

Maintenance set to 0 is not turned off...
Holder of controversial views, all of which my own.


Kimmie

Yeah, I meant 2. I edited my post. That turns it off even to me. Could that be it?

kat

Nope. That won't affect it, one iota. :)

I can only think of two ways, without employing other software and I doubt those would improve things.

From phpmyadmin, use the "Import" function.

From CPanel>Files>Backups, use the "Restore" function.

Kimmie

Quote from: K@ on November 30, 2013, 12:11:16 PM
Nope. That won't affect it, one iota. :)

I can only think of two ways, without employing other software and I doubt those would improve things.

From phpmyadmin, use the "Import" function.

From CPanel>Files>Backups, use the "Restore" function.

Import Function: File is too large.. max is 50MB Mine is around 84
Restore option: Have tried about 25 times since last night and it gets to the restoring database, then nothing happens.

I had to do this once before but it was like 3+ years ago. I remember using a program that split the db file into parts and I uploaded those parts then I think I may have used File Manager in CPanel to extract them (not sure). Only problem is, I don't remember the program and I don't remember how/where I uploaded them to. Gonna have to think on this a bit. It may be my only hope at this point.


I reamed my host a good one for taking away my chmod permissions since I think it is probably safe to assume that is how they got in so easily --- so hopefully they will get that straight. I uploaded my backup for them to restore but I cannot keep relying on them to do it for me. I have got to be able to get this done myself. Otherwise I basically have zero control over my own site. :/

kat

It might be worth reaming your host about the database, too. Perhaps with the wrong end of a pineapple.

Admittedly, yours is quite big (oo-er, misssiz!). But, what's the point in having a restore function that's useless?

Maybe, if you ream them nicely, they might change that.

A quick "How the Hell am I supposed to restore a database, which I've backed-up, like a good girl should, if I can't restore the damned thing?" might do the trick. ;)

Kimmie

HAHA funny! :)

Finally heard back from them and they want to use their own backup since it would be faster.. and is fine with me since they have one for that date. Once I can get the site back up, my next step is to make them change my permissions so I can CHMOD again and I can get all that done. Then I am gonna go through changing pw's etc for now. Then I gotta hunker down and figure out a way to be able to upload my own backups because if I can't there is really no point in me even trying to fix all this mess any more. It will all be pretty pointless.

It will be interesting to see what their reason is for me not being able to upload the db. Since neither of us can do it, that tells me it's on their end, not mine.


Sad part is, I have had this site for almost 6 years and it would be a shame to let it go with all the time and money I have put into it. That is my last resort though. I know I shouldn't let it stress me out since he isn't really doing any damage to my site.. I just don't know if I can keep doing this every friggin week  lol Now that he knows he can do it to me, he will be back

Arantor

Perhaps that means it's time to move hosts.
Holder of controversial views, all of which my own.


Kimmie

Quote from: Arantor Beeblebrox the First on November 30, 2013, 01:48:49 PM
Perhaps that means it's time to move hosts.

Perhaps. Other than this crap, I have had good luck with them. Barely any down time.




Just heard back from them.. "restore will be complete within 12 hours"

Yep, sure ok...... because I have all that time to sit here and wait. NOT! lol. I am willing to give them one shot at this to get it all straight. Mainly because I have had to change hosts before and not only is it not fun, I will lose money. If they fail, they will lose a customer they have had for 2 years.

kat

I'd be curious to know how they respond to the size of your database...

Kimmie

Quote from: K@ on November 30, 2013, 02:26:09 PM
I'd be curious to know how they respond to the size of your database...

Not sure what you mean

kat

If/when you ask them how you're supposed to be able to restore an 80meg database, if they limit it to 50meg.

I mean, the database is THE thing. Everything else can be rebuilt. That can't.
