Admin password hacked

[engrz]

hello team

my admin password is compromised at 4:00AM, now i can not login to the forum. what is the solution please?

when im going to forget password it says


Session verification failed. Please try logging out and back in again, and then try again.

MOD EDIT: Multi-post, do NOT post three or four messages after each other.

[Sir Osis of Liver]

Are you able to use phpmyadmin to edit your database?\

[engrz]

yes i can edit phpmyadmin, tell me the procedure plz

some one has changed my theme and edited the theme, now if user ones loged in he can not log out because the error occured.

[Sir Osis of Liver]

Register as a new member, then go into smf_members and set id_group = 1.  That will make the new member admin, and you can fix things from there.

Change all of your passwords - cpanel, ftp, phpmyadmin (if different), and all admins.  While you're in smf_members, look for bogus admins.

You might also replace /Sources/Load.php with a clean file.  There's a simple hack that's pretty well known that will give a member permanent admin access, regardless of their id_group.

[engrz]

i have changed the admin

the username admin has no rights.

replaced load file also

can not create new user, security image loading failed everytime. i think it was deleted.

i have changed another user admin as you said, it shows admin tab, but when i click on admin tab it is again asking for password, when i insert password following error comes again.

an error has occurred

Session verification failed. Please try logging out and back in again, and then try again.

i can not change anything. always same error occurred.

[Sir Osis of Liver]

Can you login as any member?

[engrz]

i can now login with member which i maked as admin from phpmy admin.

but when i click on admin panel it again ask for password, when i give same password the error come session verification failed.

[Sir Osis of Liver]

Don't know why that's happening.  You can try this as a temporary solution -

In /Sources/Admin.php find this:

Code Select Expand



// Make sure the administrator has a valid session...
validateSession();



Change to this:

Code Select Expand



// Make sure the administrator has a valid session...
// validateSession();



Might work, but it's a security risk.  If you believe your forum's been hacked, I would delete the entire thing (make sure all files are gone), change all your host account passwords, and reinstall it from scratch.  Your database should be intact.  Back it up with phpmyadmin before you start.

[ApplianceJunk]

You might also replace /Sources/Load.php with a clean file.  There's a simple hack that's pretty well known that will give a member permanent admin access, regardless of their id_group.

A simple hack for SMF 2.0.2?

[engrz]

if i remove all files and start from scratch? how can i restore my posts? by doing this my ranking will go down.

when i logged in to my themes section, i found many CSS files installed and 2 3 themes which i was used before was deleted.

i have re uploaded the default theme but the same error is there.

[ApplianceJunk]

Have you talked to your host about all your problems?

If you now have files that you had deleted yourself I wonder if your host restored a older copy of your site for some reason.

[engrz]

i have not delete files by myself. i dnt know who has deleted.

i contacted to my host but they are not accepting anything.

i request them to restore my older backup.

hello experts

please help, my hosting company is not restoring my backup, and i can't upload my backup of 10GB.

[Powerbob]

Hi, there are programs available on the internet for free that will allow you upload large files, just do a search! I assume you downloaded your DB as gzipped ie packed ?

[Storman™]

please help, my hosting company is not restoring my backup

Think you are being a bit impatient. Our clients usually have to wait around 4 hours for us to restore a backup like that due to the manner it which the backups are archived.

...and i can't upload my backup of 10GB.

If you are referring to your database then try MySQLDumper. You can upload large database with that as it does it incrementally.

[engrz]

i have updated all smf files from my backeup. but the same error is still available.

[Storman™]

Have you tried "Krash's suggestion to amend Admin.php:

http://www.simplemachines.org/community/index.php?topic=492670.msg3453381#msg3453381

[engrz]

Have you tried "Krash's suggestion to amend Admin.php

yes i have tryed, but i again found the error in who.php

[Sir Osis of Liver]

if i remove all files and start from scratch? how can i restore my posts? by doing this my ranking will go down.

Your posts and member info are in your database, which is not affected if you reinstall the forum.

i have updated all smf files from my backeup. but the same error is still available.

Did you delete the forum files completely and reinstall from a clean 2.0.2 install package?  There may be a hack buried in a file that doesn't get overwritten and continues to affect the forum.

[engrz]

Did you delete the forum files completely and reinstall from a clean 2.0.2 install package?  There may be a hack buried in a file that doesn't get overwritten and continues to affect the forum.

i have deleted all folders and files except attachments and pakages.

[engrz]

i have deleted all files and folders and started from scratch. it is now working fine. but i see database error again for some times after few minutes.

[blunted]

A simple hack for SMF 2.0.2?

Reading this has me more than a bit concerned, a simple hack to get admin access?

No fix?

Things like this tbh scare the hexx out of me and have me thinking about going back to vb.

Can someone please explain this a bit more, fix/patch?

[Sir Osis of Liver]

i have deleted all files and folders and started from scratch. it is now working fine. but i see database error again for some times after few minutes.

If the db errors are intermittent, it's more likely a host problem.

A simple hack for SMF 2.0.2?

Reading this has me more than a bit concerned, a simple hack to get admin access?

If someone has cpanel or ftp access to a forum, they can edit Load.php to allow their member number permanent admin access.  Regardless of their status, they will continue to have admin privileges until Load.php is fixed or their member account is deleted.

[Kindred]

blunted... I think you misinterpreted the word.

"a simple hack" meaning a simple bit of code change done by someone with access to the file
(remember, "hacking" was not always a bad term - it used to mean "to cut up, edit and/or repurpose code")

The person needs to have access to the file edit functionality in the first place, though...

We just released 2.0.2 to address a few minor things (a few bugs and a security update)
There are no known vulnerabilities in 2.0.3.

[Sir Osis of Liver]

Just to clarify, this is not an SMF security vulnerability.  There are many ways a forum or website can be hacked by someone with file access, and no way to prevent it, other than exercising good judgement and restraint in granting access priveleges.  This particular hack has been used several times by former admins (and in one case a disgruntled mod author) who had a falling out with the forum owner, and decided to be assholes and trash the forums.

[engrz]

i have created a free hosting on 000webhost and installed a smf, imported my database which is one year old, for few hours it is working fine but after few hours it shows database error again. on free host also.

[Kindred]

then you have some problem, somewhere in either your configuration or in how you manage the site.
I have been running an SMF forum non-stop for over 6 years without ever seeing such an error.

[blunted]

yes i def misread

ty for clarification.

[Sir Osis of Liver]

It's possible (though unlikely) there's a problem in your database that only causes the error when a query hits it.  Go into phpmyadmin, click on the database so a list of tables is displayed, Check All, then With selected - Check table, Optimize table, Repair table, Analyze table.  Pay attention to any error messages.


WTF, anybody got a better idea?

[engrz]

thats a good idea krash. i wil try as you said, and im trying to migrate to another host.

[engrz]

i have done as you said, on every table i saw OK, but when i tried Optimize table and analyze table options i found "This is already up to day" on the status of some tables.

[Kindred]

then you have an issue either with your host or with the database information in settings.php

[Sir Osis of Liver]

If the settings are incorrect, forum should never be able to connect to the db, and shouldn't load at all.  It does connect, loads normally, and displays board index correctly, including all boards and last post info, so it is connecting to the db. 

If it's a host problem, why does it happen on two hosts?  He does a fresh install on a new host, imports the db from the first host, runs fine for a few hours, then problem returns.

What I'm seeing now is normal default Curve.  Home, Help, Search, Login, Register buttons all work.  Search function works.  Board links work, but topic and post links do not, and throw database error.

[Oldiesmann]

What database error are you seeing? The fact that you're using a free host indicates that it's likely an issue with their server and not your forum - free hosts are not known for providing quality services.

[Sir Osis of Liver]

Take a look - www.engrz.com.

[Kindred]

I get interrupted with some stupid advert popover...

I am fairly certain that, whatever problems he is having are related to some improper installation or configuration of mods or other custom code....

[Sir Osis of Liver]

I use an ad blocker, so don't see that.

Am under the impression that he did a clean install with the existing database.  Maybe a mod has buggered the db?

[Kindred]

maybe...   I suspect something on the front end though...
Those adverts are pervasive and all over his site, including things like text-ad-link inserts and image ad inserts all over...   who knows what that is doing to the code.

on the other hand... he's been complaining about crashed tables, missing tables, etc for a while now...   so maybe the database is just buggered up.

energz,   try a clean installation and confirm that it works on your host.

[engrz]

first of all my host is not free host, as u said i have tried fresh installation but after few hours i get the same error, if you want to see the error visit www.engrz.com and try to read any post/topic you wil see database error.

[Storman™]

I'm not convinced your database was backed up correctly from your old site. Wouldn't be surprised if something is missing or corrupted somewhere.

[engrz]

my hosting company said that the problem is in .htaccess file. is it possible?

[Storman™]

Depends on whats in it.

Post it here if you are happy to do so and we'll take a look.

[engrz]

i have upgraded the forum from 2.0.2 to 2.0.3, now it is working fine. but i don't think that it can work more than 2 3 hours.

[Kindred]

computers don't work that way... 

software does not just fail after a random amount of time

[engrz]

i have installed 4 5 times but everytime i get database error

[Kindred]

right....      which, to me, indicates that your database has problems. Not the software....

If you have a bad database, then taking a copy of the database and installing it on a different server will still give the same result....  and that is exactly what you have reported.

[engrz]

how to check the database?

[Sir Osis of Liver]

You've already done that, and everything checked out ok.  Attach the .htaccess file from your forum root.

[Storman™]

....and can you post what's in your errors log, I suspect it's got a few entries that may give some clues.

[Storman™]

    Hang on, did you sort out these duplicate key database errors that you mentioned in your other topic from yesterday ?