my forum got hacked and delete
 

hello i have a big trouble with my forum.
yesterday i go to internet cafe.and login in to my cpanel forum admincp.
and then in the next 5hours im open my site.
my forum site room got deleted. many room is deleted and my member get banned too.
i take dedicated server for this 309$ / month.
i ask to my support host for backup my database.
they have my last database at 18 februari 2009 (my site got hacked)
and they restore my database.but its not complete because they have my database after hacker deleted my forum.

and now they dont have database again.
what should i do for this? i make my forum for 1year. and i have 25.000 visitor / day.

tq very much.

You dont save monthly backups to your hard drive? Dont they have a back up before Feb 18th?

OUCH

backup is everyday.but it always replace from before.

that my support host say :


and now what should i do?

Do you have any older backups of your site? If not then you may just have to start again.

no i dont have backup for my site.
because my host say always backup my database everyday.
and now they say they backup my database everyday but it will be replace from before.

now i really sad.
i make money 2000$/month in this site.
i cant start my forum again.

They make it everyday however the backup from yesterday is after you were hacked so they can't help you with that as they don't keep every backup for your site.

You would have to start again if you don't have any backup unless you can solve it in any way?

What is in your DB tables on the back up? Anything? Any info?

Is your forum accessible at all? Can you get into your admin cp?

--------------- Added [DATE]1234965282[/DATE] at [TIME]1234965282[/TIME] ---------------

Oooh and its just my opinion that they shouldnt BOTH be replaced in one night. JMO

You might want to check the server yourself for older backups as well, without a older backup, you CAN'T restore it back to a point before you go hacked, you can only try to repair the damage they did, move the users back to the groups they were in, then secure the site from that point on, the thread/post loss you will not be able to fix either without a backup.

As well, if they are doing backups with cpanel, cpanel backups are dated and shouldn't be over writing each other on a nightly basis.

here i check in my adminlog for hacker :


hacker delete forum one by one.
they just deleted via admincp. not login in my cpanel host.
now what should i do? i dont have backup database for my forum site.

Numerous ppl have already told you what to do.

i dont get what u mean sir.

have you even tried to login to the server via ssh and look for a backup older that yesterday?

no im not check.do i need to say to my support host?
i think its possible.bcos my support host say they dont have backup again just that. (18 feb 2009 1:00)

They say they also make weekly and monthly backups, so an older backup should still exist.

Tip: Never (did i say never?) login to sensitive data while using a PC in an internet cafe. A lot are infected with keyloggers and other malware.

yes :( marco. i hate it :(
they dont have any old my database.

:(( now i dont know what should i do to make my forum online again.
anyone can give me suggestion for this?

We can not use some magic to restore things that have been deleted. If they are not there and not in a backup, then it is gone. Not much we can do about that.

No Magic? :eek:

and now i lost my forum? :((
is there anything that i must do for get my forum back?

you did not read anything in the words from Marco or the others, didn't you ?!

im sorry because im so sad.

we know the feeling, we all lost something one day, and crashing a forum because of no backup is seen here once per week at least...

your only thing is to re-install your forum entirely, with a clean version, and put an announcement or a notice for all to invite your active users to re-register because of the database death...

did the cracker deleted the entire database, or just the forum content?!

my support host say :

weekly & monthly backups are just that, weekly and monthly, they should not be over written on a daily basis.

from the sounds of it, your host dont have the backups set correctly in cpanel, i assume the great techs at LW set the server up for you?

well they dont hack my forum site.
they just delete any room category in my forum.
they logged in as admin and deleted the forum category.

Based off the fact that your weekly monthly and daily backup are all the same u are out of luck. You can check for previous backups I doubt they are there. Your backup schedule also should keep a full weeks(each daily) of data so u can roll back to a non corrupted.

Well, as slippy put it as well as myself, the backup system was setup incorrectly in cpanel, it didnt retain anything, it simply was over writing everything on a daily basis, the LW tech that staged this server and setup the backup system, screwed the pooch.

Here is another brief story about LW and its not to bash them, it may be only a few of them that are inept.

Member here gets new server, LW sets up firewall, server runs for crap for 5 days, high loads, users cant get in etc, techs battle this for 5 days!

LW keeps telling her, you need more RAM, here is a price quote for 16gb's 24gb's & 32gb's, mind u she already has 8gb's of RAM lol.

To keep it short, i disabled the firewall addon script ddos.sh (addon for APF) and all was well.

As i stated this isnt to bash LW, i had always heard good things about them, the point is, everyone, you need to make sure your backups are working and that you download them to your computer at home/work or to where ever, do not depend on a 2nd drive, do not depend on a NAS at the host, always get your own copies on a daily basis.

hi snakes1100,.thank you very much for helping me.
but now im wait my host.
i dont know this issue is fixed or not. i will give information again in here.

here what my support say :
they have my backup database feb 18. 02:15
i hope my database back again.i really pray to god :D
btw i dont know why if i lost my forum and must restore from 6months ago.
thats very sick . i hate it. i build my forum in 1year. :(

--------------- Added [DATE]1234982993[/DATE] at [TIME]1234982993[/TIME] ---------------

oh damn*d my support say :

you might be able to restore some of it so all may not be lost.

Re-install vBulletin from fresh. Then open up the database they have backed up for you, even if its only half and the rest is lost. check which tables are complete in the backup, copy them to the clipboard, delete the table in your vBulletin with phpmyadmin, and run an sql query in the database (with phpmyadmin) by pasting what you have copied (the single table) in the big white square and click 'write'

Some parts may be saved this way instead of starting over. Hopefully your user table was in tact, thats the most important.

So Sad when something like this happens especially with a large site with a regular income :(

The Thing to do, what i do is at least i make a full CPanel Back up and then i download the backup file onto my memory stick and that goes into my safe.

Once a week i do this, you can never reply on your host as this shows, Are you prepared to lose everything because you didn't take 5 minutes to make a remote backup.

Do it Now, go on Make a full backup and burn it to a cd or memory stick and keep it safe.

As for the OP, I hope you can Salvage what you can, My thoughts are with you :(

Out of curiosity, do you we know how this forum got hacked? Are other vBulletin forums vulnerable to this?

Its in the first Post. Guy goes to internet Cafe and logs into admin cp, Then goes home.

Someone probably logged into his account on the same PC, Perhaps he didn't log off :eek:

I think the admins are more vulnerable than the software

im already logout in my admincpanel
i think its because keylogger.

Can I make a suggestion friend if you can afford to pay $300+ a month on a host save up for a few months a buy your own server. php apache and mysql are all free and easy to set up or checp to have installed or you can use lamp or wamp depending on the os you use. Lamp for linux wamp for windows. Then use sql dumper which is awesome and better then phpmyadmin at back ups since it has some things set incase of time outs for php scripts. i use it on my home server and it handles my sites back ups which are about 13MB's or more. I hope this helps you and sets you free from hosted drama.

As Marco says, NEVER go into your important files from a Public Computer, its just so Dangerous.

I hope you can salvage something of this :up:

yeah and now my support host didnt respect about this.
they never reply my email again (liquidweb)

In the end it is always your responsibility (read: your loss if things go wrong) to ensure there is a good backup. This will mean:

- Regular checks if your host make the backups he has promissed.
- Regular copy of the backup to a different medium (FTP to your PC, other server (at other hosting), etc..)
- Regular test if the backups are complete and can be used to restore your site.
- Be familiar with the backup schedule and make sure that it fits your needs (how long are you prepaired to rollback in case of an issue)

In worst case scenario if you cant get the backup be sure you well get back well again with your members, domain, idea ...
My advice is to decrease hosting costs for now
I am sorry I have no idea how you can get the whole forum back
Never ming Keep up the good work
Try to find any back up on your hard drive

Normal vbulletin forums are fine but you must be aware of keeping things up to date. Out of date vbulletin is vulnerable. Check what you install and keep things up to date.

Hello
realy i don't know what to say
but is the database you restore it with data or evry think deleted
if you have data you can login to myphpadmin and serach for how the hecker hacked your site and tray to repair the database

i know that the backup is tacking evry day and you must have
daly , weekly , monthly backup
the host must have more the system for backups
if thay don't and you don't have any backup so help you God

please don't loss the hope you must tray again and again .

sory for my bad english

i hope i find a replay from you saing in it the your forum back online

This is probably the worst situation for any webmaster. Hope all goes well for you.