Advertisement:

Author Topic: Infected with Malware  (Read 1377 times)

Offline Paffman

  • Jr. Member
  • **
  • Posts: 128
  • Me & Randy Mamola - Donington 2007
Infected with Malware
« on: May 13, 2020, 11:28:15 AM »
I have (had) a website which links to a SMF forum. Google has red screened my domain as having been infected with malware. I have tried to clean it up and even restoring a good backup, but that has failed. I am having to build a new website and installing SMF, or do I have to build a website?

Is it possible to use SMF without a website?

Sorry noob question.

I am searching this forum as I type.

Thanks,
Steve

Offline doug_ips

  • Full Member
  • ***
  • Posts: 481
Re: Infected with Malware
« Reply #1 on: May 13, 2020, 12:33:39 PM »
Yes, you can use Smf as stand alone, assuming that is what you meant by "Is it possible to use SMF without a website".

What is your site 's url btw?

Offline Sir Osis of Liver

  • SMF Super Hero
  • *******
  • Posts: 10,143
  • Hoarding Budweiser in NY
Re: Infected with Malware
« Reply #2 on: May 13, 2020, 12:36:17 PM »
Is it possible to use SMF without a website?

Yes, SMF runs independently of the website.  You can move the forum up front in your domain, or use a redirect to link directly to the forum where it currently resides.  If the site has been hacked, you should do a clean install of current version, then upgrade immediately to 2.0.17.

Offline SpacePhoenix

  • Jr. Member
  • **
  • Posts: 165
Re: Infected with Malware
« Reply #3 on: May 13, 2020, 12:44:55 PM »
Have you changed your FTP password (making sure that the new password is a strong one)?

Offline Paffman

  • Jr. Member
  • **
  • Posts: 128
  • Me & Randy Mamola - Donington 2007
Re: Infected with Malware
« Reply #4 on: May 16, 2020, 12:30:29 PM »
Thanks all for your help. Yes the FTP PW is strong, my host is saying that it was WordPress plugins that was the issue.

I have installed a fresh copy of SMF and yes it is stand alone.

My problem now is that I can't restore a database I saved in April. Using cpanel I have uploaded/restored the DB I need, but going back to the SMF, it looks no different from the new install.

What am I doing wrong?

Steve

Offline doug_ips

  • Full Member
  • ***
  • Posts: 481
Re: Infected with Malware
« Reply #5 on: May 16, 2020, 01:30:25 PM »
Thanks all for your help. Yes the FTP PW is strong, my host is saying that it was WordPress plugins that was the issue.

I have installed a fresh copy of SMF and yes it is stand alone.

My problem now is that I can't restore a database I saved in April. Using cpanel I have uploaded/restored the DB I need, but going back to the SMF, it looks no different from the new install.

What am I doing wrong?

Steve

Did you install it in the same database that you are using for your Smf forum?

Offline Paffman

  • Jr. Member
  • **
  • Posts: 128
  • Me & Randy Mamola - Donington 2007
Re: Infected with Malware
« Reply #6 on: May 16, 2020, 01:38:39 PM »
I installed SMF via Softaculous Apps Installer, then I restored the BD I need, but it does not change.

Offline doug_ips

  • Full Member
  • ***
  • Posts: 481
Re: Infected with Malware
« Reply #7 on: May 16, 2020, 02:48:10 PM »
I installed SMF via Softaculous Apps Installer, then I restored the BD I need, but it does not change.

What I meant was if you restored the backup to the same db that you have used for your Smf forum. If you did, are the contents in the db? You can use phpmyadmin to view it.

Offline Sir Osis of Liver

  • SMF Super Hero
  • *******
  • Posts: 10,143
  • Hoarding Budweiser in NY
Re: Infected with Malware
« Reply #8 on: May 16, 2020, 04:07:40 PM »
Using an installer like Softaculous is not recommended, you should set up the clean forum with the 2.0.17 install package.  Softaculous will save created a new database, won't be the same as your original install.  Make sure you're importing the db dump into the correct db.

Offline Paffman

  • Jr. Member
  • **
  • Posts: 128
  • Me & Randy Mamola - Donington 2007
Re: Infected with Malware
« Reply #9 on: May 18, 2020, 04:30:56 PM »
Many thanks for your help.

The question I have now, is why when I successfully upload a saved SQL database will it not reflect in the SMF install?

I have uploaded the zipped SMF and am going through the installation process. I am stuck on number 3 - database settings.

I have used localhost, Username & Database name the same. but any password I use will not work. Is it the DB or FTP password that I need?

See attached....

« Last Edit: May 18, 2020, 04:54:28 PM by Paffman »

Offline doug_ips

  • Full Member
  • ***
  • Posts: 481
Re: Infected with Malware
« Reply #10 on: May 18, 2020, 05:01:35 PM »
Many thanks for your help.

The question I have now, is why when I successfully upload a saved SQL database will it not reflect in the SMF install?

I have uploaded the zipped SMF and am going through the installation process. I am stuck on number 3 - database settings.

I have used localhost, Username & Database name the same. but any password I use will not work. Is it the DB or FTP password that I need?

See attached....

You need the password of the db 's user. Note that the db user must have full access of its db. Hope it helps.

Offline Paffman

  • Jr. Member
  • **
  • Posts: 128
  • Me & Randy Mamola - Donington 2007
Re: Infected with Malware
« Reply #11 on: May 18, 2020, 05:16:05 PM »
Found out it was my cpanel PW.

So new SMF install working, but I can't get the saved DB I have to show on it, it uploads OK, just does not show.

Does the Database Tables Prefix need to be set on the new install the same as the saved DB? If so how do I find the Database Tables Prefix in a saved DB on my PC?
« Last Edit: May 18, 2020, 05:28:57 PM by Paffman »

Offline m4z

  • 98.8% chimp
  • Localizer
  • Sophist Member
  • *
  • Posts: 1,050
  • /mɛs/
Re: Infected with Malware
« Reply #12 on: May 18, 2020, 05:44:06 PM »
Does the Database Tables Prefix need to be set on the new install the same as the saved DB? If so how do I find the Database Tables Prefix in a saved DB on my PC?

Yes, otherwise another set of tables is created; it would not be in the DB but in Settings.php (in your forum files backup).
"Faith is what you have in things that don't exist."
--Homer Simpson

Offline Paffman

  • Jr. Member
  • **
  • Posts: 128
  • Me & Randy Mamola - Donington 2007
Re: Infected with Malware
« Reply #13 on: May 18, 2020, 06:03:29 PM »
Does the Database Tables Prefix need to be set on the new install the same as the saved DB? If so how do I find the Database Tables Prefix in a saved DB on my PC?

Yes, otherwise another set of tables is created; it would not be in the DB but in Settings.php (in your forum files backup).

OK, so when a new install of SMF is created, you can't then use/upload a saved Database?

I can upload a saved DB, but it makes no difference to the SMF. Do I need to change the database prefix within Settings to match the saved DB?

So when I upload a saved DB, where does it go?
« Last Edit: May 18, 2020, 06:28:00 PM by Paffman »

Offline Sir Osis of Liver

  • SMF Super Hero
  • *******
  • Posts: 10,143
  • Hoarding Budweiser in NY
Re: Infected with Malware
« Reply #14 on: May 18, 2020, 09:47:46 PM »
When you do a clean install with the install package, you have to create a new database which is populated with 63 tables, most of which are empty.  You can then import the database backup from your production forum.  If import is successful, run repair_settings.php to correct settings and paths to new install.  At that point you'll have clean files and all of the content from your damaged forum.  If database is ok (usually it is), you should be fine.  Next step would be to reinstall themes, mods, and any customizations you had done.

Offline Paffman

  • Jr. Member
  • **
  • Posts: 128
  • Me & Randy Mamola - Donington 2007
Re: Infected with Malware
« Reply #15 on: May 22, 2020, 05:19:03 PM »
OK just to be clear to the stupid... me.

I had a great SMF forum, then it got hacked. But I regularly made database backups to my PC. So I did a clean install of SMF, but I don't know how to upload the backup. When I create the fresh install do I go with the suggested database name and prefix? Then mu backup DB has a different name.

Confused dot com.

Offline doug_ips

  • Full Member
  • ***
  • Posts: 481
Re: Infected with Malware
« Reply #16 on: May 22, 2020, 06:07:32 PM »
OK just to be clear to the stupid... me.

I had a great SMF forum, then it got hacked. But I regularly made database backups to my PC. So I did a clean install of SMF, but I don't know how to upload the backup. When I create the fresh install do I go with the suggested database name and prefix? Then mu backup DB has a different name.

Confused dot com.

What do you mean by suggested database name and prefix? Simply create a new db and user, give that user full permissions to the db and install smf using those details. Then restore the db backup in the very same db that you used to install your newly smf forum.

Or you can also use the previous db details if you still have it. It really does not matter. But sinly you got hacked, I would recommend to use a new db.

If you are going to install smf to a different url, use repair_settings.php file to make sure that all the urls and paths have been straightened out properly. Hope it helps.

Offline Sir Osis of Liver

  • SMF Super Hero
  • *******
  • Posts: 10,143
  • Hoarding Budweiser in NY
Re: Infected with Malware
« Reply #17 on: May 22, 2020, 08:52:44 PM »
Just import the database backup into the new (empty) database you created for the new install, then run repair_settings.  The database name will be that of the new database, the table prefix will be that of the old database (iirc).  You fix all that with repair_settings.

Offline Paffman

  • Jr. Member
  • **
  • Posts: 128
  • Me & Randy Mamola - Donington 2007
Re: Infected with Malware
« Reply #18 on: May 23, 2020, 09:09:26 AM »
When you do a fresh SMF install, you get a new DB name and prefix. So are you saying that I can simply upload my saved but differently named DB to the SMF install?

I have tried that, but it does not change when I view SMF from the install DB.

Can I not FTP the saved DB to my server and install it from there?

Sorry dumb questions..... see attached - Step 6: Admin Account

What goes in here? - Database Password - The installer requires that you supply the database password to create an administrator account, for security reasons. Where do I find the PW?
« Last Edit: May 23, 2020, 10:01:36 AM by Paffman »

Offline Paffman

  • Jr. Member
  • **
  • Posts: 128
  • Me & Randy Mamola - Donington 2007
Re: Infected with Malware
« Reply #19 on: May 23, 2020, 10:22:33 AM »
OK, got it.

Fresh SMF installed, registration admin approved as if not I get loads of spammy members.

I have fixed all the red errors in the repair_settings, but I see no change in the SMF?




« Last Edit: May 23, 2020, 10:54:15 AM by Paffman »