YaBB Community and Support Forum
YaBB Home About YaBB Download YaBB YaBB Support Customize Your Forum Development Contribute to the Project
  Welcome, Guest. Please Login or Register


 
Pages: 1 2 
Topic Tools
 
Forums Blew Up (Read 1,648 times)
 Reply #15 - Aug 24th, 2013 at 2:25pm
There are no actions to perform.  

Dandello 
Global Moderator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 1,873
Earth


YaBB 2.5
Re: Forums Blew Up
What's boggling - the fact that the AdminIndex.pl showed that it was the 2.3.1 version. That could only have happened if there was a 2.3.1 version available to over-write it - either by upload via FTP/file-manager, an auto installer, OR a very old backup.
 
WWW  
IP Logged  
 Reply #16 - Aug 24th, 2013 at 3:22pm
There are no actions to perform.  

Autonerdz 
Full Member
***
Offline
Posts: 148
Washington State USA


YaBB 2.5
Re: Forums Blew Up
Dandello wrote on Aug 24th, 2013 at 2:25pm:
either by upload via FTP/file-manager, an auto installer, OR a very old backup.


I agree. I can't imagine any other way. The only people with server access were us and JonB.  Nothing else was disturbed...Just YaBB.  If someone had hacked the secure password, seems they would have messed with the main site.

I have to think that the InMotion hosting people did something that they don't want to admit to.  Every time we have had things go wrong with YaBB they were responsible (like zero vars files).  I pay them for backups too but both times I considered using them, they were not available.  This time they told me that something was wrong with them and they would look into it and get back to me.  That was almost 24 hours ago now.  

One possible scenario...maybe another user on my VPS had a 2.3.1 forum and they got confused when restoring something...

I downloaded the whole mess and have it for any forensics so if anyone wanted to see something....
« Last Edit: Aug 24th, 2013 at 3:26pm by Autonerdz »  
Tom Roberts
http://www.autonerdz.com
THE PicoScope Authority in North America
WWW autonerdz Autonerdz  
IP Logged  
 Reply #17 - Aug 24th, 2013 at 4:08pm
There are no actions to perform.  

Bill Myers 
God Member
Beta Testers
*****
Offline
Posts: 1,482
Los Angeles


YaBB 2.4
Re: Forums Blew Up
At some point I believe it was reported here in this forum that admin/webmaster passwords had possibly been obtained. The result, if that was what happened, was that malware had been loaded onto the server hosting this forum. I recall that JonB changed all of the passwords just in case, and since that time as it seems, no malware has been uploaded.

As such, I suppose it's possible that a password to your forum/server was somehow obtained at that time. However, I am only speculating, and speculation is really not to be relied upon even as it might turn out that it's based on fact.

In any case, as you mentioned, this time your host told you that something was wrong with them, and they would get back to you after looking into it (it's refreshing when a host is forthright).

On a related matter, my company has routinely changed passwords, etc., whenever a staff member has moved on. This has been a standard practice of ours even when there's been no actual reason to do this. With people who are given temporary access for maintenance, etc., our standard practice has been to give them temporary passwords.

Then there's the matter of how secure a host keeps your data. Wink

 
Morning, noon, or night, have a great one! ...
WWW BillHMyers  
IP Logged  
 Reply #18 - Aug 24th, 2013 at 4:21pm
There are no actions to perform.  

Autonerdz 
Full Member
***
Offline
Posts: 148
Washington State USA


YaBB 2.5
Re: Forums Blew Up
I have asked InMotion to look at the logs to see how that one adminindex file got changed the first time.....

I will report back if that leads anywhere.
« Last Edit: Aug 24th, 2013 at 4:44pm by Autonerdz »  
Tom Roberts
http://www.autonerdz.com
THE PicoScope Authority in North America
WWW autonerdz Autonerdz  
IP Logged  
 Reply #19 - Aug 24th, 2013 at 9:37pm
There are no actions to perform.  

xnoddyx 
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline
Posts: 1,555
UK:Scotland/livingston


YaBB 2.5
Re: Forums Blew Up
Autonerdz wrote on Aug 23rd, 2013 at 8:00pm:
Our host says nothing odd happened on the server...  Not sure if we got hacked or what.

ok I have had a look at the posts and though your hosting is saying they did not do anything it looks like they had some auto backup restore run that did this to your forum

Autonerdz wrote on Aug 24th, 2013 at 12:34am:
There were many many files that were changed this morning at 10AM.  One of these was adminindex.pl.  The first thing I noticed.  This was a file relating to the previous version of YaBB.  2.3.1.

was you running 2.3.1 at some point if you was then what I have put in the top of this post is more than likely what has happened but make sure that you keep the last clean copy of the backup you have be for this prob and see how the forum works you may also want to keep a backup of the fixed forum as well as this may help if you have any more probs and may help fix your forum if it is still not a 100% after the fixing.

Bill Myers wrote on Aug 23rd, 2013 at 11:49pm:
In any case, I wish that xnoddyx was around right now because he's remarkably capable when it comes to knowing how YaBB works. He seems to be able to fix any problem related to YaBB. Thankfully, I suspect he'll see your post soon because he's usually good about checking in on this forum to see if anyone needs help.

thank you i do apologize for not being around much just now but personal life finds a way to tie you up a bit and won't get into it on here but if you want to know just pm and ask.  Smiley
 
YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
WWW xnoddyx xnoddyx1  
IP Logged  
 Reply #20 - Aug 24th, 2013 at 11:40pm
There are no actions to perform.  

Autonerdz 
Full Member
***
Offline
Posts: 148
Washington State USA


YaBB 2.5
Re: Forums Blew Up

Thanks so much everyone for the assist.  

The forensic exam is complete.  Got the FTP logs and the damage came from our IP.  Further investigation leads me to a Dreamweaver put gone terribly wrong when one of out guys was doing a site wide put.   Have no idea how it latched on to some old YaBB files that were still on our local server but it did.  We'll be having a conversation about that on Monday...and deleting those.

I am relieved to know that we were not hacked by anyone but ourselves and that there is no security vulnerability.  Since EVERY other time something like this has happened, it has been InMotion Hosting that screwed us, they were naturally the first suspect.  But once I saw the logs they were off the hook this time.

Just wanted to wrap this up. with the final conclusion.

Good advice xnoddyx.  I intend to keep that last backup for a while and make a fresh one.
 
Tom Roberts
http://www.autonerdz.com
THE PicoScope Authority in North America
WWW autonerdz Autonerdz  
IP Logged  
 Reply #21 - Aug 25th, 2013 at 12:57am
There are no actions to perform.  

Dandello 
Global Moderator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 1,873
Earth


YaBB 2.5
Re: Forums Blew Up
Glad to hear your host was actually innocent (this time) and it was another program's fubar, not YaBB.

This should also help in the future if someone has a similar problem - see what other things got 'updated' wrong.  Shocked
 
WWW  
IP Logged  
 Reply #22 - Aug 25th, 2013 at 12:59am
There are no actions to perform.  

Dandello 
Global Moderator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 1,873
Earth


YaBB 2.5
Re: Forums Blew Up
Glad to hear your host was actually innocent (this time) and it was another program's fubar, not YaBB.

This should also help in the future if someone has a similar problem - see what other things got 'updated' wrong.  Shocked
 
WWW  
IP Logged  
 Reply #23 - Aug 25th, 2013 at 1:25am
There are no actions to perform.  

xnoddyx 
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline
Posts: 1,555
UK:Scotland/livingston


YaBB 2.5
Re: Forums Blew Up
Autonerdz wrote on Aug 24th, 2013 at 11:40pm:
The forensic exam is complete.  Got the FTP logs and the damage came from our IP.  Further investigation leads me to a Dreamweaver put gone terribly wrong when one of out guys was doing a site wide put.   Have no idea how it latched on to some old YaBB files that were still on our local server but it did.  We'll be having a conversation about that on Monday...and deleting those.

it is good that it was not host or hacking and as it looks that you have more than one working on the website it may be a good idea to have a check sheet on what can and cannot be edited or updated and if there is more than one working on it at a time a list of who is doing what and hopefully it was just bad oversight on one of the guys that did it and hope that your forum is back to 100% for you and you don't have any more bad luck with it.
 
YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
WWW xnoddyx xnoddyx1  
IP Logged  
Pages: 1 2 
Topic Tools
 

Get Yet another Bulletin Board at SourceForge.net. Fast, secure and Free Open Source software downloads Support This Project BoardMod - YaBB features and templates YaBB Codex - support on installation and usage YaBB Toolbar for your browser

YaBB Facebook Group Page

Vulnerability Scanner

Valid RSS Valid XHTML Valid CSS Powered by Perl
YaBB Chat and Support Community » Powered by YaBB 3.0 Beta!
YaBB Forum Software © 2000-2011. All Rights Reserved.