PDA

View Full Version : Hacked forum backup gives database error

benpaul10
01-13-2009, 12:05 PM
My forum was hacked because I was using 777 permissions without understanding the implications :(

I have reverted to a backup of the whole of the web contents but this will not connect to my database:
"There seems to have been a problem with the database."

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title> Database Error</title>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<style type="text/css">
<!--
blockquote { margin-top: 75px; }
p { font: 11px tahoma, verdana, arial, sans-serif; }
-->
</style>
</head>
<body>
<blockquote>
<blockquote>

<p><strong>There seems to have been a problem with the database.</strong><br />
Please try again by clicking the <a href="#" onclick="window.location = window.location;">Refresh</a> button in your web browser.</p>
<p>An E-Mail has been dispatched to our <a href="mailto:kerry@yupz.com">Technical Staff</a>, whom you can also contact if the problem persists.</p>
<p>We apologise for any inconvenience.</p>


<!--
Database error in vBulletin :

mysql_connect() [&lt;a href='function.mysql-connect'&gt;function.mysql-connect&lt;/a&gt;]: Access denied for user 'tucklis4'@'web98.opentransfer.com' (using password: YES)
/hsphere/local/home/alexrpau/fencingforum.com/forum/includes/class_core.php on line 279

MySQL Error :
Error Number :
Date : Tuesday, January 13th 2009 @ 01:57:55 AM
Script : http://fencingforum.com/forum/
Referrer :
IP Address : 85.189.97.228
Username :
Classname : vb_database
-->


</blockquote>
</blockquote>
</body>
</html>

Any help would be GREATLY appreciated!!:D
Marco van Herwaarden
01-13-2009, 12:14 PM
The MySQL user & password you have set in your config.php file does not match the details for the database.
benpaul10
01-13-2009, 12:18 PM
I replaced the config.php file with an older one and now I have some functionality but not all.


EG direct clicks seem to work but some things do not and throw errors:


Database error in vBulletin 3.6.5:

Invalid SQL:

SELECT
userfield.*, usertextfield.*, user.*, UNIX_TIMESTAMP(passworddate) AS passworddate,
IF(displaygroupid=0, user.usergroupid, displaygroupid) AS displaygroupid, level, avatar.avatarpath, NOT ISNULL(customavatar.userid) AS hascustomavatar, customavatar.dateline AS avatardateline, customavatar.width AS avwidth, customavatar.height AS avheight

FROM user AS user
LEFT JOIN userfield AS userfield ON (user.userid = userfield.userid)
LEFT JOIN usertextfield AS usertextfield ON (usertextfield.userid = user.userid) LEFT JOIN reputationlevel AS reputationlevel ON (user.reputationlevelid = reputationlevel.reputationlevelid) LEFT JOIN avatar AS avatar ON (avatar.avatarid = user.avatarid) LEFT JOIN customavatar AS customavatar ON (customavatar.userid = user.userid)

WHERE user.userid = 45;

MySQL Error : Unknown column 'level' in 'field list'
Error Number : 1054
Date : Tuesday, January 13th 2009 @ 08:16:38 AM
Script : http://fencingforum.com/forum/private.php?do=showpm&pmid=24955
Referrer : http://fencingforum.com/forum/private.php
IP Address : 85.189.97.228
Username : wingnutLP
Classname : vb_database
Marco van Herwaarden
01-13-2009, 12:31 PM
Provide some more info.

- What was the vB version of the database you restored?
- what version of the vB software do you now have installed?
- Why do you restore an older config file?
- What else have you done?
TheLastSuperman
01-13-2009, 02:56 PM
Redo the config like Marco suggested (listen to him more than me cause he is DA MAN lol) but also check the version too like he said... what am I here for? Well if you get the cofig working right and still no forums try the admincp forums as you might be able to access and if so disable all your mods then try the normal forums etc.

More info like Marco asked for too would be nice.

S-MAN
CarlitoBrigante
01-13-2009, 03:30 PM
777 permissions are also not enough to hack your server; you have some other security hole, somewhere, that let them write to that directory. Or you are in a shared environment that has accounts not properly chrooted.
benpaul10
01-14-2009, 01:22 PM
Ok I reverted to a backup of my web folder but it looks like they got innto the database :(

I am on 3.6.5.

My host blames me but that is no surprise!

I have tried to log in to the administration page but now I and the other admin have been change to moderator somehow so I am unable to do anything... I assume that this means that someone or something else now has an admin account :(

Is there any solution to this?

Should I temporarily lock the forum again by changing the passwords to the mysql database?

Thanks for your help guys!

--------------- Added 1231947699 at 1231947699 ---------------

In fact I have PHP my admin access so if someone can point me to the table that stores the user level data I should be able to change myself back to an admin?
Marco van Herwaarden
01-14-2009, 02:41 PM
I would not continue with this set of data. You only noticed that some admins have been changed to moderators, but you don't know what else have been changed in the database. I would start again by restoring a clean database.

Please read the following thread on how to improve security for your board:
http://www.vbulletin.com/forum/showthread.php?t=194701
Rene Kriest
01-14-2009, 03:00 PM
Final advice: There is good in almost anything. ;)

Use this turmoil and trouble to upgrade to the newest versions - not only vb but also your OS, the vb addons - everything

Believe me, it is no fun at all to backup almost 1gb per day - everyday - to have a plan b: a backup at least. Furthermore it is really time consuming to read daily through the vb addon section just to be up to date to the newest security issues.

I learned it the hard way and this is usually the best way. Don't let this chance to learn something from your troubles pass by. Being hax0red is one thing, learning and getting the point a different one.

Doing backups every day is like shaving at least every thrird day: it has to be done otherwise you look dumb. :D
Marco van Herwaarden
01-14-2009, 03:10 PM
If you are using a control panel like cPanel, you can also schedule daily backups. No need to look at them, but download a backup every few days to your local PC.
CarlitoBrigante
01-14-2009, 03:21 PM
If you are using a control panel like cPanel, you can also schedule daily backups. No need to look at them, but download a backup every few days to your local PC.

And just make sure to setup a good e-mail to get warnings about full backup directories.

Doing backups every day is like shaving at least every thrird day: it has to be done otherwise you look dumb. :D

Unless you have a full grown beard, that is.