problem with my site after it was hacked

Started by shamoonluay, August 09, 2023, 04:03:40 AM


shamoonluay

hello,

I have a problem with my site after it was hacked, according to what I think!
I tried every way to get it back as it was, but without result.
Is there anyone to help me please? Fortunately I have the backup of all the tables.

thanks



shamoonluay

What is the best way to get it back?
I tried to restore the backup from the server, but I still always have many problems with the site!!

Aleksi "Lex" Kilpinen

It could help, greatly, if we knew what made you believe you were hacked in the first place,
and what issues you are still facing after restoring the backup.

Just saying "I was hacked" tells nothing, and "many problems" is even worse.
Please describe your issues.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas


peter_mein

If you have a backup of the database and the server, you just have to restore it. Delete the database completely, only the content, not the database itself. Then delete the content from the server where the forum was installed. Again, delete only the content from the one under directory. Now play back the database data and then play back the server data. Then it should run again.

shamoonluay

Fatal error: Uncaught Error: Call to undefined function shell_exec() in /customers/4/f/e/baretly.net/httpd.www/Sources/Load.php:377 Stack trace: #0 /customers/4/f/e/baretly.net/httpd.www/index.php(142): reloadSettings() #1 {main} thrown in /customers/4/f/e/baretly.net/httpd.www/Sources/Load.php on line 377

Doug Heffernan

Quote from: shamoonluay on August 09, 2023, 05:49:32 AM
Fatal error: Uncaught Error: Call to undefined function shell_exec() in /customers/4/f/e/baretly.net/httpd.www/Sources/Load.php:377 Stack trace: #0 /customers/4/f/e/baretly.net/httpd.www/index.php(142): reloadSettings() #1 {main} thrown in /customers/4/f/e/baretly.net/httpd.www/Sources/Load.php on line 377

It looks like the shell_exec() function has been disabled by your host. Can you get to the Admin Panel? If you can, go to Server Settings and tick the box that says 'Disable hostname lookups' and save the changes. I remember seeing a few posts here about this and doing the above has fixed the problem for them. Hopefully it will help you as well.

I have a couple of questions: what made you think that you were hacked? How did you try to restore the backup? What PHP version do you have?

For future reference, as mentioned above, when asking for support try to give out as many details as possible, rather than being vague, i.e. help us to help you.



shamoonluay

Thanks for the help, but my server provider cannot do this for security reasons!!
Is there any other way to fix this problem please?

Kindred

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

shamoonluay

It is more than 15 years with the same provider without any problem..
I do not know what is happening this time.

Can I begin a new SMF forum from scratch and then upload the old database?

Doug Heffernan

Quote from: shamoonluay on August 09, 2023, 03:04:42 PM
Thanks for the help, but my server provider cannot do this for security reasons!!
Is there any other way to fix this problem please?

Quote from: Doug Heffernan on August 09, 2023, 06:38:07 AM
Can you get to the Admin Panel? If you can, go to Server Settings and tick the box that says 'Disable hostname lookups' and save the changes. I remember seeing a few posts here about this and doing the above has fixed the problem for them. Hopefully it will help you as well.

This!

Quote from: Kindred on August 09, 2023, 03:08:00 PM
Get a better host?

What about these questions?

Quote from: Doug Heffernan on August 09, 2023, 06:38:07 AM
I have a couple of questions: what made you think that you were hacked? How did you try to restore the backup? What PHP version do you have?

shamoonluay

What about these questions?

Quote from: Doug Heffernan on August 09, 2023, 06:38:07 AM
I have a couple of questions: what made you think that you were hacked? How did you try to restore the backup? What PHP version do you have?

Because it is the first time that this happened to my site; backup via the admin panel of the server; PHP 8.

SpacePhoenix

You should change your FTP password straight away and make sure the new password is a strong one

shamoonluay


Doug Heffernan

Quote from: shamoonluay on August 09, 2023, 03:16:40 PM
Because it is the first time that this happened to my site

You still haven't told us what type of hack it was. Have you contacted your host and told them about it? If you were really hacked, a very thorough checkup of your server space for any backdoor(s) is in order. It is very important that the point of entry is discovered and dealt with. The same goes for the backdoor(s), otherwise it can/will happen again and again. Also a change of all passwords, as advised above, is strongly recommended.

That being said, regarding the error, have you read my post above?

Quote from: Doug Heffernan on August 09, 2023, 06:38:07 AM
Can you get to the Admin Panel? If you can, go to Server Settings and tick the box that says 'Disable hostname lookups' and save the changes. I remember seeing a few posts here about this and doing the above has fixed the problem for them. Hopefully it will help you as well.


shamoonluay

I can get to the admin panel, but I cannot disable hostname lookups, it is not available.
But if it is not hacked, why is my site down!!!

Doug Heffernan

Quote from: shamoonluay on August 09, 2023, 03:33:16 PM
I can get to the admin panel, but I cannot disable hostname lookups, it is not available.

Do you mean that it is not listed? Can you please post a screenshot of that part of your admin panel?

Anyways, you can disable it with a sql query as well.

Run the following at the SQL tab of your phpmyadmin, or whatever tool your host is using to manage the databases.

-- 1 corresponds to the 'Disable hostname lookups' box being ticked
UPDATE smf_settings SET value = 1 WHERE variable = 'disableHostnameLookup';

If you are using another database prefix, use that instead of smf_ in the query above.

Quote from: shamoonluay on August 09, 2023, 03:33:16 PM
But if it is not hacked, why is my site down!!!

It could be many other things, such as an issue with a custom mod or a server error for example. It's hard to say without the details. Hence why you were asked about what type of hack it was, but you didn't, and are still not providing any details.

Tyrsson

Access logs and error logs would be helpful as well, as long as they do not disclose any vital information. As mentioned before, attack vector here is VERY important. Can you provide any of the malicious script or an access log entry that leads one to think that you "were actually hacked"?

Please keep in mind, if you are in a VPS or shared hosting environment, that the actual attack vector may not lie in your domain; it could possibly be a vector in a domain that is adjacent to yours.
PM at your own risk, some I answer, if they are interesting, some I ignore.
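
Added example, not part of any post in this thread: one way to pull the kind of access log entry asked for above, by listing successfully served requests for PHP files inside SMF's upload, cache and asset directories. It assumes the Apache/nginx "combined" log format and the default SMF directory names; the sample log lines are constructed.

```python
import re

# Assumption: Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumption: default SMF directory names. These hold uploads, cache files and
# assets; visitors have no reason to request a PHP script from them, apart
# from the index.php stubs SMF ships to block directory listings.
DATA_DIRS = ("attachments", "avatars", "cache", "Smileys", "Packages")
PHP_IN_DATA_DIR = re.compile(
    r"/(?:" + "|".join(DATA_DIRS) + r")/(?:.*/)?"
    r"(?P<file>[^/]+\.ph(?:p\d?|tml))(?:/|$)",
    re.IGNORECASE,
)

def suspicious_entries(lines):
    """Return (ip, timestamp, method, path) for 2xx PHP requests in data dirs."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # unparsable line, or the server did not serve the file
        # Match on the path only, so directory names in a query string are ignored.
        hit = PHP_IN_DATA_DIR.search(m["path"].split("?", 1)[0])
        if hit and hit["file"].lower() != "index.php":
            hits.append((m["ip"], m["ts"], m["method"], m["path"]))
    return hits

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Aug/2023:21:10:11 +0000] "GET /index.php?topic=12.0 HTTP/1.1" 200 18432 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [08/Aug/2023:21:14:02 +0000] "POST /attachments/img_4471.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [08/Aug/2023:21:14:09 +0000] "GET /cache/data_x.php?x=1 HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [08/Aug/2023:21:15:40 +0000] "GET /avatars/index.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [08/Aug/2023:21:16:01 +0000] "GET /Smileys/default/smiley.gif HTTP/1.1" 200 174 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [08/Aug/2023:21:17:30 +0000] "GET /avatars/Actors/thumb.PHP?c=1 HTTP/1.1" 200 58 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for entry in suspicious_entries(SAMPLE_LOG):
        print(*entry)
```

Each hit gives a file to inspect on disk and a timestamp to line up with the error log and with file modification times.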

shamoonluay

I am very sorry that I could not explain the problem well, but after I tried all the methods I did not find any solution to get my forum back, so I decided to start a new one from scratch.
Now how can I upload the old tables and overwrite the new ones?
I always get a fatal error that this table already exists!!
