I have a problem, couple hours ago my Forum was hacked, so I had to modify two backups to get everything back, but there was problem, even though i got all the messages back and all the user my data, (numbers are wrong), how do I Fix Thix. thank you
Which numbers are wrong? I dont really understand what you are saying apart from your phpbb forum being hacked. What are you trying to fix? I advise you to keep up with the patches of phpbb by signing up to the mailing list (if you havnt done so already) and apply them asap
Well it was Defaced, and my top portion of the forum, first 3 topics were erased. Well me and my friend had two different versions of backup, i had to mix both of them together to get most of the threads and messages back, Once I got them back the numbers showing how many posts there are is wrong, and the last message posted by is wrong, even though there is later message after the one showing. Is there any way to fix this automatically without going into a backup file and doing it manually. Can it be recounted some other way. P.S. He registered as a user, then somehow changed his settings to Admin Options. How did he do that. IF someone is curios it was Kosova Hacking Group, and the hacked my site just because it was in Serbian Language. Mine wasnt politically oriented.
what version of phpBB did you use? There are some serious security issues in the pre 2.0.13 versions.. you can rebuild the search index with this mod: http://www.phpbb.com/phpBB/viewtopic.php?t=83916 but I don't know how you can fix the post count. It's probably best to ask your questions over at phpbb.com.
I would think about buying vBulletin, it has many tools and utilities to update counters and such. And also, you will not have to worry about being defaced(The only real time I have seen a security issue is when there is a bug in PHP and the team has to code around it, but you could also try to reupload the sql dump to phpmyadmin and see if that works(The restore could have gotton corrupted)
Ok I really screwed up this time, and just when i was to update my site. Does anyone know how i can hack back into my site. They changed my name and my admin password so I can't access my Site. Does anyone know how I can hack back into it??? I think something with a cookie but I don't know what to change on cookie. Please HELP!!!
I don't know anything about PHPBB, but I would start looking at the database, because that's where it all must end up. If you are using MySQL and not sure how the database is structured, run these commands to see your databases and tables: show databases; use <your-phpbb-database-name-here> show tables; See if there's anything user-related and select records to see the actual values. Most likely you will not see actual passwords, but you might be able to reset a hash for the admin account to a zero-length string. Just make sure that before modifying anything in the database that you made appropriate backups. J.D.
If you lost your admin password, the easiest way (may be the only way too) is modifying your database data directly. I don't know how phpBB store the password, you can register a new user and copy the password field to your admin password. If your posts count or forum statistic is incorrect, I wrote a script before which specially for it. By the way, I'm also using phpBB 2.0.11, do you know how your forum was hacked? Are you sure it's by a random hacker, not someone you know?
Ok, thanks guys, I will just update directly t0 2.0.13 and copy my old database and add about 10 more entries that came later on. If you are using 2.0.11 change it or update it right away. This is why When somebody registers they receive a cookie, in that cookie they can change their user level to Admin. Pretty simple, i just dont know what do i need to change in my cookie. Anyways update it right away. If somebody knows what to change in cookie please post it.
Not that I doubt what you are saying, but I find it hard to believe that anybody would store anything of that nature in a cookie. Where'd you hear this from? J.D.
I read it on PHPbb forums . I did find this hard to believe to, but when your site gets hacked twice in two days, you begin to wonder. Who knows. If its false then i fell for it. I did retrieve my data I exported the Users from server, changed the information and updated it back.
Just curious, how did you login - using the cookie hack or you just extracted data from the database? J.D.
I just exported Users from my Sql server, changed the password on my account and upload it back. I finally upgraded it too, that took forever the backaup from 2.0.11 cannot be uploaded directly to 2.0.13 so I had to do it Table by Table though myAdminPHP on the mySql server. Or at least mine backup didnt want to do it. I'm running a PHP Nuke 7.6 on my other website and it is using PHPBB2 2.0.10, does anybody know if my site is opet to hackers as my 2.0.11 Forum, or did PHPNuke update that. Or do I need to update the files on PHP Nuke Forum. Thanks
As far as I know, 2.0.10 has one more critical security problem than 2.0.11, I have never used phpNuke, but I think you can follow the update threads on phpBB.com and change a few lines code, anyway, only several lines are real threat. My phpbb forum is heavily modified, so I just updated one line for each new version - which phpbb.com claims they are critical updates. I guess the hackers search phpBB forum randomly with "powered by phpbb", "phpbb", etc, if you modify the overallfooter.tpl to delete any phrase like this, you will be much safer.
But if I delete the thread with powered by phpbb or phpbb wouldnt i be in breack of copyrights policy??
Thanks, well phpbb 13 works ok for now, still no breach, i'll see how long it keeps up. One thing i like about 13 is when you go to admin panel it tells you if you're using the latest version.