Page Index Toggle Pages: 1 [2] 
Topic Tools
Hot Topic (More than 10 Replies) Forums Blew Up (Read 2,684 times)
Autonerdz
Full Member
***
Offline



Posts: 148
Location: Washington State USA

None
Re: Forums Blew Up
Reply #8 - Aug 24th, 2013 at 1:31am
Post Tools
setup.lock is in variables.

I don't think it is possible to have hacked our admin passwords but will change them anyway.

Still can't imagine where that adminindex.pl came from.  I don't even have a backup of that 2.3.1 package. nor would there have been a copy of it on the host server.  It had to come from somewhere...

JonB built this version and it has been working great till now.  I had to fix the spell check the other day but found the solution here on these forums.  Posted by you, Dandello....   Wink
« Last Edit: Aug 24th, 2013 at 1:31am by Autonerdz »  

Tom Roberts
http://www.autonerdz.com
THE PicoScope Authority in North America
Back to top
IP Logged
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 2,289
Location: Earth

YaBB 2.6.1
Re: Forums Blew Up
Reply #7 - Aug 24th, 2013 at 1:22am
Post Tools
If Setup.pl was still in the yabb2 directory and a file called Setup.lock was NOT in Variables - the culprit would still have needed the YaBB admin password (not the default one but your password) to get in.

But a lot of damage can be done this way if they can get in.

BTW, I also heartily endorse Bill's recommendation of changing the FTP password and any other server access passwords you have. (c-Panel, root, shell, whatever passwords that would grant someone direct file access.)
  

If you only have one solution to a problem you're not trying hard enough!
Back to top
WWW  
IP Logged
 
Autonerdz
Full Member
***
Offline



Posts: 148
Location: Washington State USA

None
Re: Forums Blew Up
Reply #6 - Aug 24th, 2013 at 12:52am
Post Tools

That may have been the last key to the restoration.  Might be ready to go live but I still want to know what the #%&* happened so I can avoid this disaster repeating.

It seems I have restored to the moment of failure rather then the time of my backup last night by carefully avoiding overwriting files that seemed OK.

Took me all day but could have been so much worse...

Still would like a certified YaBB Geek to have a poke...if any are game.   Huh

This might be an undocumented security issue.
  

Tom Roberts
http://www.autonerdz.com
THE PicoScope Authority in North America
Back to top
IP Logged
 
Autonerdz
Full Member
***
Offline



Posts: 148
Location: Washington State USA

None
Re: Forums Blew Up
Reply #5 - Aug 24th, 2013 at 12:34am
Post Tools
Dandello,

That was a huge help.  Placing my backup copy of settings.pl fixed a LOT.  Thank you!

There were many many files that were changed this morning at 10AM.  One of these was adminindex.pl.  The first thing I noticed.  This was a file relating to the previous version of YaBB.  2.3.1.

I am using 2.5 AE

I notice that setup.pl is still there.  Is that not supposed to have been deleted after setup?  Could this have been a way in by hackers?

 

« Last Edit: Aug 24th, 2013 at 12:34am by Autonerdz »  

ourforums2.GIF ( 347 KB | 33 Downloads )
ourforums2.GIF

Tom Roberts
http://www.autonerdz.com
THE PicoScope Authority in North America
Back to top
IP Logged
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 2,289
Location: Earth

YaBB 2.6.1
Re: Forums Blew Up
Reply #4 - Aug 24th, 2013 at 12:15am
Post Tools
The MasterKey warning is valid. Grab a backup copy of your Settings.pl. The MasterKey that was created for your forum when it was first installed should be there. The MasterKey is the seed for the random generator for the Captcha.

What this tells me is that Settings.pl was corrupted or hacked so you might want to simply replace it from your backup.

Depending how old your version of YaBB is, an update to Perl can cause problems (but I don't what you're describing relates to that.)

And have your host check for malware - nothing within YaBB should be able to alter the contents or file date of AdminIndex.pl.
  

If you only have one solution to a problem you're not trying hard enough!
Back to top
WWW  
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,629
Location: Los Angeles

YaBB 2.5
Re: Forums Blew Up
Reply #3 - Aug 23rd, 2013 at 11:49pm
Post Tools
I've never seen that kind of security message in a YaBB forum before

Edited:
...

Dandello wrote on Aug 24th, 2013 at 12:15am:
The MasterKey warning is valid.

...

, but I'm still using the 2.4 version. I wonder if it has anything to do with JonB's modification of your forum? But I'm guessing anything he did would have been perfectly fine. After all, he's really good at computer stuff, and with YaBB in particular as I've learned.

Unfortunately, he disappeared from this forum some time ago, which has really caused problems because he's the only admin for this forum. And Corey who owns this domain has also disappeared without any explanation. But sometimes people just become suddenly irresponsible for no particular reason; very disappointing.

In any case, I wish that xnoddyx was around right now because he's remarkably capable when it comes to knowing how YaBB works. He seems to be able to fix any problem related to YaBB. Thankfully, I suspect he'll see your post soon because he's usually good about checking in on this forum to see if anyone needs help.

Meanwhile, you seem pretty experienced with YaBB, so it won't surprise me to see that your forum is up and running soon.

I realize your host told you that nothing odd happened on the server, but it sure seems that it did, and they simply weren't aware of it. I'm guessing that for whatever reason, a bunch of your files either got corrupted or disappeared somehow. Maybe you can compare local copies with what you have on the server to see if this may be the case.

This is so weird what happened to your forum. Huh

Edited:
I wonder if an update to Perl could have caused this? If it was updated.

« Last Edit: Aug 24th, 2013 at 2:29am by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Autonerdz
Full Member
***
Offline



Posts: 148
Location: Washington State USA

None
Re: Forums Blew Up
Reply #2 - Aug 23rd, 2013 at 11:08pm
Post Tools

Thanks, Bill.  I'm trying here...

Restored Admin, Boards, Help, Languages.  Can't find anything else that shows evidence of modification..

Found a folder Time and Upload under Modules.  That wasn't there.  Deleted them.  Left messages and members alone for now...rebuilt index.  restored posts to boards but still way messed up.....

Tabs are gone.  Weird message at top about security settings....

I'm stuck....

  

ourforums.GIF ( 236 KB | 41 Downloads )
ourforums.GIF

Tom Roberts
http://www.autonerdz.com
THE PicoScope Authority in North America
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,629
Location: Los Angeles

YaBB 2.5
Re: Forums Blew Up
Reply #1 - Aug 23rd, 2013 at 8:35pm
Post Tools
This isn't going to help get your forum back to where it's supposed to be (not right away), but I would immediately change the passwords for each and every admin you have, including your own admin account. I would also change the password(s) for your ftp account(s).

Then with your most recent backups, you should be able to restore your forum (I'm keeping my fingers crossed for you).

Next, a YaBB team member will probably stop by in a timely fashion to help you out. You can also ask for support over in Carsten's YaBB Mod Forum (the same YaBB team members are active there).

Good luck!

Edited:
Just in case there might be speedier help, I posted this in Carsten's forum.


« Last Edit: Aug 24th, 2013 at 12:00am by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Autonerdz
Full Member
***
Offline



Posts: 148
Location: Washington State USA

None
Forums Blew Up
Aug 23rd, 2013 at 8:00pm
Post Tools
Our forums blew up this morning.  No posts listed on the boards since 2011.  Other weird stuff.  I could not access the admin center to lock it down into maintenance mode. 

Looked on the server and found the date for the adminindex.pl was modified this morning.  Uploaded the one from my backup I made last night and was then able to get into the admin to lock it down.

I have a huge disaster here though...some things are worse now.

Been running YaBB since 2004.  Had issues before but never anything like this.  I don't even know where to begin.

YaBB 2.5 AE  Customized by Jon B.

http://www.autonerdz.com/cgi/yabb2/YaBB.pl

Our host says nothing odd happened on the server...  Not sure if we got hacked or what.  I see the files are there in members and messages on the server...Just doesn't work anymore. 

Trying to contact Jon B.  Any assistance welcomed.
  

Tom Roberts
http://www.autonerdz.com
THE PicoScope Authority in North America
Back to top
IP Logged
 
Page Index Toggle Pages: 1 [2] 
Topic Tools
 
  « Board Index ‹ Board  ^Top