cyberattack and password

[hrothgar41]

I have recently attached an SMF Forum to my website (charleslmorgan org), to allow fans of Charles Morgan's work to talk to each other. I'm a complete newcomer to this kind of thing, and now find that my Forum has had a cyber-attack: in 24 hours over 8,000 robot "members" have put up over 11,000 "posts". Obviously, I will now start adding verification questions, but before I can do that, I need help with two things. 1) As an Admin, how can I delete all the posts on the Forum in one go? 2) Being the klutz I am, I have forgotten my Admin password, for which the Forum asks me without showing a "Forgot your password?" option. Any help on both these points will be intensely appreciated. 

[NanoSector]

Hello grothgar41, welcome to SMF!

1. Yes, you can, but you need database access.
Go to phpMyAdmin (or a similar tool), and Truncate (empty) the smf_topics and smf_messages tables.
Then go to your forum, Admin > Maintenance, and recount all forum statistics.

2. If you head to your forum, and click the Login button, at the bottom of the login form there will be a button which says "Forgot your password?", if you click that you can reset your password.
If that did not work, please see this wiki page.

[Chalky]

As well as setting verification questions, you'll probably want to change the registration method to at least email verification, if not admin approval for a while, and maybe consider a mod or two to help.  See here for further suggestions  http://wiki.simplemachines.org/smf/Spam_-_my_forum_is_flooded_with_spam,_what_can_I_do

[hrothgar41]

Thanks so much, both of you. NanoSector, I have a problem remaining: I went to the phpMyAdmin site, which told me that I should first download SQL and install it with a root user and password. (Remember, I am an elderly total beginner . . .) So I downloaded SQL but have no idea how to add root user and password. Then I went back to phpMyAdmin and saw a complicated series of codes I should have to enter here and there to adapt the software; at which point I threw up my hands in despair. I run a MacBook Pro with OSX 10.9.2 Mavericks and use Safari 7.0.3 as my browser, though I also have Chrome. If worse comes to worst I can always simply close the Forum down and start again; but if there is a slightly simpler way to clean out the robocrud I should be happy to hear about it. I'm grateful to both of you for your quick replies: just ashamed to be so ignorant.

[Chalky]

Unless you're hosting your website on your local machine you don't need to download anything    phpmyadmin is found in your hosting control panel.  Just login to your hosting account or cpanel and look for the phpmyadmin link somewhere, which may be in a section called SQL Databases depending on your host.

[kat]

Here's the full "Oh, crap! I've forgotten my admin password" doc:

http://wiki.simplemachines.org/smf/Administration_-_I_accidentally_lost_my_admin_account!_What_can_I_do

Being an ageing beginner, myself, I know how scary that page might seem...

Backup, before you do anything, just in case? How to do that is described on the page that will magically appear, if you click my sig.

[hrothgar41]

You guys are very generous, and I will try to profit by your knowledge. Chalky: the hosting program for the site the forum is attached to is Dotster, and they do indeed have phpMyAdmin, but it leads me to a server under my name with two databases (mwz and ouq) I do not recognize, being run by two (as I suspect) robots with long strings for names (one of them has the Username 1F3cP6hl0415ds7). It does *not* lead me to smf. Either this is because my forum (Charles Morgan Forum) is a SM forum loosely attached to the hxxp:www.charleslmorgan.org [nonactive] website, or it is because the robots have also invaded the Dotster MySQL. Either way, it is well beyond my capacity to deal with. Dotster, alas, does not have a Forum option on their site builder. I may have to simply uninstall the whole Forum and start again. If I do want to dump it, how do I do that?

[kat]

http://wiki.simplemachines.org/smf/How_to_upload_a_fresh_set_of_files will tell you how to get a virgin forum, software-wise. That'll leave your members, posts, &c. intact. But, the database being compromised is a worry.

Have you had a word with Dotster, as yet? They might be able to throw a little light on what's been happening, as they'll have access-logs and stuff to refer to.

[Illori]

i dont think there is any compromise happing here. the user has been attacked by spammers without spam protection that is all.

[kat]

You're likely right. But, as hrothgar seems concerned about it, there's no harm in checking it out.

[hrothgar41]

Dotster is looking into it; they have restored access (which at one time was also blocked), and have told me the same as you-all about future verification systems. I agree that no database seems to have been compromised, if only because there wasn't much of a database to begin with. I don't think any members had yet signed up beside myself; and I've warned the dozen or so who would have been the first not to touch it for the time being. I've looked at the restoring a virgin forum site you recommended, which would be useful if I'd installed any mods; but I didn't, because a) the Forum hasn't been around very long and b) I've neither the time nor the know-how to do much modding. What it doesn't tell me, and what Dotster hasn't yet told me either, is how to dump the 118,280 posts on the Forum quickly.
As I said, it might be easier to dump the whole Forum at this stage, spambot posts and all, and either start over or set up something else, like an e-mail list. If I wanted to dump it, complete with "content", how would I do that? Is there an "uninstall" on Simple Machines?

[Kindred]

sorry, there is no easy way to delete that many posts in a single go...

[Illori]

you could just do a new install with a different database. http://wiki.simplemachines.org/smf/Installing

or maybe admin -> forum maintenance -> topics remove all topics not posted in for x days which are any sort of topic.

[Kindred]

hmmm... good call.   if he's willing to actually delete everything, he could say "delete all threads which have not been posted to in 1 day"

[hrothgar41]

Great suggestion! (Dotster thought it couldn't be done.) But when I try to remove all topics for more than 1 day I get an Error message: "Unable to verify referring url. Please go back and try again." a) is the referring URL mine? b) if not, what is it? and c) if so, how can I get it verified?

[Kindred]

ug.... I thought we addressed that bug.

make sure your header is expanded (not shrunk/hidden)  and try it again

[hrothgar41]

Whenever I click on Admin, a pink notice at the top tells me the default theme's directory is wrong and I should correct it. Could this be the URL in question? In the default theme directory window it shows as: /hermes/bosoraweb117/b2196/dot.rogerkuin/public_html/smf/smf10/Themes/default

[Kindred]

your default theme directory should always be default...   you can install other themes and use them as your SITE default...   but you should never change the directory of the "default" theme since that is the directory that ever other theme falls back on for files that are not updated by that specific custom theme
(almost no custom theme redefines ALL templates)

[hrothgar41]

So why is it wrong? I've never touched any theme.

[hrothgar41]

My Forum is once again inaccessible: clicking on the website access produces this notice:
"User 'P8JUviXWHu2dQX3' has exceeded the 'max_questions' resource (current value: 75000)"
How can I simply close down this Forum (and all that's on it), please?