Page Index Toggle Pages: [1] 2 
Topic Tools
Hot Topic (More than 10 Replies) Forums Blew Up (Read 2,694 times)
xnoddyx
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline



Posts: 1,587
Location: UK:Scotland/livingston

None
Re: Forums Blew Up
Reply #23 - Aug 25th, 2013 at 1:25am
Post Tools
Autonerdz wrote on Aug 24th, 2013 at 11:40pm:
The forensic exam is complete.  Got the FTP logs and the damage came from our IP.  Further investigation leads me to a Dreamweaver put gone terribly wrong when one of out guys was doing a site wide put.   Have no idea how it latched on to some old YaBB files that were still on our local server but it did.  We'll be having a conversation about that on Monday...and deleting those.

it is good that it was not host or hacking and as it looks that you have more than one working on the website it may be a good idea to have a check sheet on what can and cannot be edited or updated and if there is more than one working on it at a time a list of who is doing what and hopefully it was just bad oversight on one of the guys that did it and hope that your forum is back to 100% for you and you don't have any more bad luck with it.
  

YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
Back to top
IP Logged
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 2,293
Location: Earth

YaBB 2.6.1
Re: Forums Blew Up
Reply #22 - Aug 25th, 2013 at 12:59am
Post Tools
Glad to hear your host was actually innocent (this time) and it was another program's fubar, not YaBB.

This should also help in the future if someone has a similar problem - see what other things got 'updated' wrong.  Shocked
  

If you only have one solution to a problem you're not trying hard enough!
Back to top
WWW  
IP Logged
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 2,293
Location: Earth

YaBB 2.6.1
Re: Forums Blew Up
Reply #21 - Aug 25th, 2013 at 12:57am
Post Tools
Glad to hear your host was actually innocent (this time) and it was another program's fubar, not YaBB.

This should also help in the future if someone has a similar problem - see what other things got 'updated' wrong.  Shocked
  

If you only have one solution to a problem you're not trying hard enough!
Back to top
WWW  
IP Logged
 
Autonerdz
Full Member
***
Offline



Posts: 148
Location: Washington State USA

None
Re: Forums Blew Up
Reply #20 - Aug 24th, 2013 at 11:40pm
Post Tools

Thanks so much everyone for the assist. 

The forensic exam is complete.  Got the FTP logs and the damage came from our IP.  Further investigation leads me to a Dreamweaver put gone terribly wrong when one of out guys was doing a site wide put.   Have no idea how it latched on to some old YaBB files that were still on our local server but it did.  We'll be having a conversation about that on Monday...and deleting those.

I am relieved to know that we were not hacked by anyone but ourselves and that there is no security vulnerability.  Since EVERY other time something like this has happened, it has been InMotion Hosting that screwed us, they were naturally the first suspect.  But once I saw the logs they were off the hook this time.

Just wanted to wrap this up. with the final conclusion.

Good advice xnoddyx.  I intend to keep that last backup for a while and make a fresh one.
  

Tom Roberts
http://www.autonerdz.com
THE PicoScope Authority in North America
Back to top
IP Logged
 
xnoddyx
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline



Posts: 1,587
Location: UK:Scotland/livingston

None
Re: Forums Blew Up
Reply #19 - Aug 24th, 2013 at 9:37pm
Post Tools
Autonerdz wrote on Aug 23rd, 2013 at 8:00pm:
Our host says nothing odd happened on the server...  Not sure if we got hacked or what.

ok I have had a look at the posts and though your hosting is saying they did not do anything it looks like they had some auto backup restore run that did this to your forum

Autonerdz wrote on Aug 24th, 2013 at 12:34am:
There were many many files that were changed this morning at 10AM.  One of these was adminindex.pl.  The first thing I noticed.  This was a file relating to the previous version of YaBB.  2.3.1.

was you running 2.3.1 at some point if you was then what I have put in the top of this post is more than likely what has happened but make sure that you keep the last clean copy of the backup you have be for this prob and see how the forum works you may also want to keep a backup of the fixed forum as well as this may help if you have any more probs and may help fix your forum if it is still not a 100% after the fixing.

Bill Myers wrote on Aug 23rd, 2013 at 11:49pm:
In any case, I wish that xnoddyx was around right now because he's remarkably capable when it comes to knowing how YaBB works. He seems to be able to fix any problem related to YaBB. Thankfully, I suspect he'll see your post soon because he's usually good about checking in on this forum to see if anyone needs help.

thank you i do apologize for not being around much just now but personal life finds a way to tie you up a bit and won't get into it on here but if you want to know just pm and ask.  Smiley
  

YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
Back to top
IP Logged
 
Autonerdz
Full Member
***
Offline



Posts: 148
Location: Washington State USA

None
Re: Forums Blew Up
Reply #18 - Aug 24th, 2013 at 4:21pm
Post Tools
I have asked InMotion to look at the logs to see how that one adminindex file got changed the first time.....

I will report back if that leads anywhere.
« Last Edit: Aug 24th, 2013 at 4:44pm by Autonerdz »  

Tom Roberts
http://www.autonerdz.com
THE PicoScope Authority in North America
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,630
Location: Los Angeles

YaBB 2.5
Re: Forums Blew Up
Reply #17 - Aug 24th, 2013 at 4:08pm
Post Tools
At some point I believe it was reported here in this forum that admin/webmaster passwords had possibly been obtained. The result, if that was what happened, was that malware had been loaded onto the server hosting this forum. I recall that JonB changed all of the passwords just in case, and since that time as it seems, no malware has been uploaded.

As such, I suppose it's possible that a password to your forum/server was somehow obtained at that time. However, I am only speculating, and speculation is really not to be relied upon even as it might turn out that it's based on fact.

In any case, as you mentioned, this time your host told you that something was wrong with them, and they would get back to you after looking into it (it's refreshing when a host is forthright).

On a related matter, my company has routinely changed passwords, etc., whenever a staff member has moved on. This has been a standard practice of ours even when there's been no actual reason to do this. With people who are given temporary access for maintenance, etc., our standard practice has been to give them temporary passwords.

Then there's the matter of how secure a host keeps your data. Wink

  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Autonerdz
Full Member
***
Offline



Posts: 148
Location: Washington State USA

None
Re: Forums Blew Up
Reply #16 - Aug 24th, 2013 at 3:22pm
Post Tools
Dandello wrote on Aug 24th, 2013 at 2:25pm:
either by upload via FTP/file-manager, an auto installer, OR a very old backup.


I agree. I can't imagine any other way. The only people with server access were us and JonB.  Nothing else was disturbed...Just YaBB.  If someone had hacked the secure password, seems they would have messed with the main site.

I have to think that the InMotion hosting people did something that they don't want to admit to.  Every time we have had things go wrong with YaBB they were responsible (like zero vars files).  I pay them for backups too but both times I considered using them, they were not available.  This time they told me that something was wrong with them and they would look into it and get back to me.  That was almost 24 hours ago now. 

One possible scenario...maybe another user on my VPS had a 2.3.1 forum and they got confused when restoring something...

I downloaded the whole mess and have it for any forensics so if anyone wanted to see something....
« Last Edit: Aug 24th, 2013 at 3:26pm by Autonerdz »  

Tom Roberts
http://www.autonerdz.com
THE PicoScope Authority in North America
Back to top
IP Logged
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 2,293
Location: Earth

YaBB 2.6.1
Re: Forums Blew Up
Reply #15 - Aug 24th, 2013 at 2:25pm
Post Tools
What's boggling - the fact that the AdminIndex.pl showed that it was the 2.3.1 version. That could only have happened if there was a 2.3.1 version available to over-write it - either by upload via FTP/file-manager, an auto installer, OR a very old backup.
  

If you only have one solution to a problem you're not trying hard enough!
Back to top
WWW  
IP Logged
 
Autonerdz
Full Member
***
Offline



Posts: 148
Location: Washington State USA

None
Re: Forums Blew Up
Reply #14 - Aug 24th, 2013 at 4:56am
Post Tools
Dandello wrote on Aug 24th, 2013 at 2:55am:
if it has YaBB 2.3.1 available as an auto-install


Nope.  Thanks for the thought though....
  

Tom Roberts
http://www.autonerdz.com
THE PicoScope Authority in North America
Back to top
IP Logged
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 2,293
Location: Earth

YaBB 2.6.1
Re: Forums Blew Up
Reply #13 - Aug 24th, 2013 at 2:55am
Post Tools
A scenario occurred to me over dinner - it of course requires a lot of ifs and maybes.

If you have c-Panel (or another similar server control panel) and if it has YaBB 2.3.1 available as an auto-install and if the auto install was triggered it might overwrite things like AdminIndex.pl and some of the files in Sources and Boards as well as Settings.pl.

Maybe.
  

If you only have one solution to a problem you're not trying hard enough!
Back to top
WWW  
IP Logged
 
Autonerdz
Full Member
***
Offline



Posts: 148
Location: Washington State USA

None
Re: Forums Blew Up
Reply #12 - Aug 24th, 2013 at 2:31am
Post Tools
Bill Myers wrote on Aug 24th, 2013 at 2:24am:
I'm just very glad that your forum is working again.


Me too.  But I had to use one of my wishes..... Roll Eyes
  

Tom Roberts
http://www.autonerdz.com
THE PicoScope Authority in North America
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,630
Location: Los Angeles

YaBB 2.5
Re: Forums Blew Up
Reply #11 - Aug 24th, 2013 at 2:24am
Post Tools
Believe me. Out of the three of us, I was the most clueless of all. Cheesy

I'm just very glad that your forum is working again. Smiley

  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Autonerdz
Full Member
***
Offline



Posts: 148
Location: Washington State USA

None
Re: Forums Blew Up
Reply #10 - Aug 24th, 2013 at 2:21am
Post Tools
Bill,

Thanks to your post I was able to muster the courage to begin restoring.

Also changed all the passwords, as you suggested...

Still have no clue what happened....But we went live a few minutes ago...
« Last Edit: Aug 24th, 2013 at 2:22am by Autonerdz »  

Tom Roberts
http://www.autonerdz.com
THE PicoScope Authority in North America
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,630
Location: Los Angeles

YaBB 2.5
Re: Forums Blew Up
Reply #9 - Aug 24th, 2013 at 2:16am
Post Tools
Dandello, thank you so much for coming to the rescue. You're very good at it!  Smiley

I had to go away for a while during all that happened here after my last post, so I was very pleased to see his forum back up, and looking great again. I can't explain it, but sometimes I feel personally assaulted when I see another forum having problems, and I can feel especially frustrated when I don't have a solution.

Another great YaBB forum alive and well again! Cool

  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Page Index Toggle Pages: [1] 2 
Topic Tools
 
  « Board Index ‹ Board  ^Top