Admin password hacked

[engrz]

hello team

my admin password is compromised at 4:00AM, now i can not login to the forum. what is the solution please?

when im going to forget password it says


Session verification failed. Please try logging out and back in again, and then try again.

MOD EDIT: Multi-post, do NOT post three or four messages after each other.

[Sir Osis of Liver]

Are you able to use phpmyadmin to edit your database?\

[engrz]

yes i can edit phpmyadmin, tell me the procedure plz

some one has changed my theme and edited the theme, now if user ones loged in he can not log out because the error occured.

[Sir Osis of Liver]

Register as a new member, then go into smf_members and set id_group = 1.  That will make the new member admin, and you can fix things from there.

Change all of your passwords - cpanel, ftp, phpmyadmin (if different), and all admins.  While you're in smf_members, look for bogus admins.

You might also replace /Sources/Load.php with a clean file.  There's a simple hack that's pretty well known that will give a member permanent admin access, regardless of their id_group.

[engrz]

i have changed the admin

the username admin has no rights.

replaced load file also

can not create new user, security image loading failed everytime. i think it was deleted.

i have changed another user admin as you said, it shows admin tab, but when i click on admin tab it is again asking for password, when i insert password following error comes again.

an error has occurred

Session verification failed. Please try logging out and back in again, and then try again.

i can not change anything. always same error occurred.

[Sir Osis of Liver]

Can you login as any member?

[engrz]

i can now login with member which i maked as admin from phpmy admin.

but when i click on admin panel it again ask for password, when i give same password the error come session verification failed.

[Sir Osis of Liver]

Don't know why that's happening.  You can try this as a temporary solution -

In /Sources/Admin.php find this:

Code Select Expand



// Make sure the administrator has a valid session...
validateSession();



Change to this:

Code Select Expand



// Make sure the administrator has a valid session...
// validateSession();



Might work, but it's a security risk.  If you believe your forum's been hacked, I would delete the entire thing (make sure all files are gone), change all your host account passwords, and reinstall it from scratch.  Your database should be intact.  Back it up with phpmyadmin before you start.

[ApplianceJunk]

You might also replace /Sources/Load.php with a clean file.  There's a simple hack that's pretty well known that will give a member permanent admin access, regardless of their id_group.

A simple hack for SMF 2.0.2?

[engrz]

if i remove all files and start from scratch? how can i restore my posts? by doing this my ranking will go down.

when i logged in to my themes section, i found many CSS files installed and 2 3 themes which i was used before was deleted.

i have re uploaded the default theme but the same error is there.

[ApplianceJunk]

Have you talked to your host about all your problems?

If you now have files that you had deleted yourself I wonder if your host restored a older copy of your site for some reason.

[engrz]

i have not delete files by myself. i dnt know who has deleted.

i contacted to my host but they are not accepting anything.

i request them to restore my older backup.

hello experts

please help, my hosting company is not restoring my backup, and i can't upload my backup of 10GB.

[Powerbob]

Hi, there are programs available on the internet for free that will allow you upload large files, just do a search! I assume you downloaded your DB as gzipped ie packed ?

[Storman™]

please help, my hosting company is not restoring my backup

Think you are being a bit impatient. Our clients usually have to wait around 4 hours for us to restore a backup like that due to the manner it which the backups are archived.

...and i can't upload my backup of 10GB.

If you are referring to your database then try MySQLDumper. You can upload large database with that as it does it incrementally.

[engrz]

i have updated all smf files from my backeup. but the same error is still available.

[Storman™]

Have you tried "Krash's suggestion to amend Admin.php:

http://www.simplemachines.org/community/index.php?topic=492670.msg3453381#msg3453381

[engrz]

Have you tried "Krash's suggestion to amend Admin.php

yes i have tryed, but i again found the error in who.php

[Sir Osis of Liver]

if i remove all files and start from scratch? how can i restore my posts? by doing this my ranking will go down.

Your posts and member info are in your database, which is not affected if you reinstall the forum.

i have updated all smf files from my backeup. but the same error is still available.

Did you delete the forum files completely and reinstall from a clean 2.0.2 install package?  There may be a hack buried in a file that doesn't get overwritten and continues to affect the forum.

[engrz]

Did you delete the forum files completely and reinstall from a clean 2.0.2 install package?  There may be a hack buried in a file that doesn't get overwritten and continues to affect the forum.

i have deleted all folders and files except attachments and pakages.

[engrz]

i have deleted all files and folders and started from scratch. it is now working fine. but i see database error again for some times after few minutes.