Retrieve data from hacked forum

Started by G1ZmO, June 25, 2011, 11:25:05 AM

Previous topic - Next topic

G1ZmO

Dear all,

My web-host let me know that my forum had been hacked and reset my account losing 6 years of our forum (SMF 1.1.14). I do have a backup of the forum from a few days before the account was reset but our host said it was a very bad idea to restore it.

What i have done is installed SMF 1.1.14 on my server at home and intended to restore the backup to there. However, most of the threads I've read say that I need to use phpMyAdmin to restore the backup. I don't have phpMyAdmin installed on my home server. Is there no way I can do a restore without installing this? Getting kinda out of my depth here tbh :)

I have recreated our forum at our host but used the SMF 2 version instead but our users were asking if there were certain posts and/or boards that we could have restored (even if it means copy/pasting the plain text back into the new forum to avoid the hacked code)

Could someone advise me please?

Thanks

Paul

Illori

what type of backup do you currently have? it is usually easier to restore a database backup with phpmyadmin then trying to use the commandline if you are not used to using it.

G1ZmO

I'm pretty sure the last SMF backup was tables and structure

It extracts to a 6meg xxxxxxxxx_smf1-complete_2011-06-17.sql file

Illori

if you use clean files and reconnect to that database there should be no risk at all. if you use the existing files and connect to the existing database it may cause issues.

G1ZmO

I don't intend to restore the backup to the new hosted forum (ver 2)

Just want to restore the backup to a local server at home to retrieve some of the posts

Am I better to install phpmyadmin to do that locally?

Thx

Paul

Illori

yes it would be easier to install phpmyadmin

Yazan Asied

Try this local server
http://www.wampserver.com/ [nofollow]
it is very simple and easy to adjust

Antechinus

Quote from: G1ZmO on June 25, 2011, 02:35:01 PM
I don't intend to restore the backup to the new hosted forum (ver 2)

Just want to restore the backup to a local server at home to retrieve some of the posts

Frankly it would be easier to just restore the database.

G1ZmO

That was my original plan but my host support advised against it as they said there was a lot of code injected into the forum and that would also be present in the backup file thus reinfecting the forum if it was restored.

How likely would that be do you think?

Illori

if your backup of the database was from before the attack and you use fresh files there should be no issues.

G1ZmO

No I'm afraid not.

My host said that it looked like it had been hacked some time ago

Quote from hoster "Yes, your account has been frequently trying to hack into our server. We caught it running a shell script on Monday night which attempted to take control of the server. This is a very serious matter.
I've looked into your account and it would appear that your SMF forum was hacked at some point in 2009 and the hacker injected a lot of code into your database."


Odd that it took the hoster 2 years to realise there was a problem. The forum users didn't have any functionality issues.

So, I really dont want to risk restoring the backup to the hosted account. I'll try to do it locally and save some of the more important posts.

Will try phpMyAdmin

Illori

most likely they only got your files, you can check your database backup. i would also suggest you look for a better host that does not as easily allow hacking.

Advertisement: