Is there any possible way with which we can check who last logged in ?

[Decent_946]

Hello SMF Community,

Recently, our community forum got messed up very badly. Someone has just totally done wrong with the forum.. all the topics, boards and users have been deleted by someone. In simple words, forum got illegal access ( hack ). I have doubt on some of community ( forum ) members since they have been trying to get us down. Even Community founder is unable to login.

I am looking for a possible method by which i can check who just last logged or recent logged users list in forum via user panel/host ? - IP address and hostname ?

little help would be really appreciated.

[Sir Osis of Liver]

Look in Admin -> Members, you can sort 'Last Online' column up or down by clicking on the title, assuming, of course, that the info is still in your database.

[Arantor]

If you can't even log in... you need to go to phpMyAdmin, go to the smf_members table and click on the 'last_login' column heading to order it by highest number first (most recent login)

[Sir Osis of Liver]

all the topics, boards and users have been deleted by someone.

If users have been deleted, _members table may be empty. Database backup wouldn't help, as it would predate the attack.  If that's the case, you would need access to server logs.

[Arantor]

Not that the server logs will likely tell you that much

[Sir Osis of Liver]

On my previous host, server log included timestamp and ip (among other things), which is what OP is looking for.  Current host has access-logs folder, but can't get into it via FTP, maybe have to use cpanel.

[Decent_946]

I'm thankfull to all of you for your replies. I did read them yesterday but couldn't answer for some reason.


as Sir Osis mentioned, database table was erased hence i am unable to look up in the database.  Server Logs were erased as well. It showed us only the actions that we took after the heck. This thing has ofcourse been done by breaking into someone's ( admins ) account. We have doubled our security for our forum now. We had backup of 1 week earlier. we restored it. We hope this scenario won't occur again.

However, We are yet figuring out the hacker. Thanks all of you guys for your time.

[Arantor]

Breaking into the admin account shouldn't have enabled access to the server logs... makes me wonder if there was a problem with the hosting account.

[Sir Osis of Liver]

We hope this scenario won't occur again.

Those who live in hope often die in despair

As Arantor pointed out, this wasn't a forum hack, your host account is compromised.  You should advise your host of the attack, ask them to do a security scan on your account, and change ALL passwords - cpanel, databases, ftp, forum admins.

[Decent_946]

We hope this scenario won't occur again.

Those who live in hope often die in despair

As Arantor pointed out, this wasn't a forum hack, your host account is compromised.  You should advise your host of the attack, ask them to do a security scan on your account, and change ALL passwords - cpanel, databases, ftp, forum admins.

This has been done. Everything seems to be clean. I don't think there is anything nore we can do.

I'll keep you up-to-date if there is something new.
Thank you.

[aegersz]

this mod, although not quite what want, may be of interest to you > http://custom.simplemachines.org/mods/index.php?mod=1406

This mod will display a member's last login next to their posts

I also run this and set BCC on in Postfix to catch all sent mail (to monitor this mod) > http://custom.simplemachines.org/mods/index.php?mod=2181

users receive an email on failed login attempt, account login protection by ip address, and locking of an account after too many failed attempts.

[Decent_946]

Thanks @aegersz

These both mods are helpfull indeed. I have already installed login security mod. Gonna install the last login displayer as well.