My 1.07 TP site was hacked

[GM]

Near as we can tell so far, he went through the shout box. Took him all of 6 seconds from the time he signed in,loaded his bug,and log back out.

This wiped out 1 year of posts and topics,and at this point the backups aren't restoring them. They have restored most everything else. There are other bugs in the site yet,as some of the features are gone.

The host confirmed it was a forum hack. Said the shout box is a security risk,and not to load it back. If we can't get the data restored with the host's backup,I'm through with this crapp. We are a volunteer group doing expensive testing,and just lost a years worth ($1000's) of test results.

I'll never understand the reason for this,we have no enemies there. I'm not internet savy enough to play games with people who have no life.

[G6Cad]

Thats one of the best reasons to actually keep your files updated.
Several weeks ago, there was a security update for just this hacking attempts through the shoutbox.

The hacking wasa redirection, and when the security update was uploaded to the server, you still have had all the post and forum intact just like before.

Security risk before the security update yes, but sense that is done, everything is good to go again

[GM]

What update,for TP or SMF?

It was a redirect hack.

I can't keep up with all this stuff. I had just upgraded 2 smaller sites to RC2 and TP 0.8.6,saving the bigger one for last. The reason I left it for last,because 1.07 was a stable version and wanted to test RC2.

[G6Cad]

The updates files are in the download manager here at tinyportal

Easy to apply, just upload them to the folders and overwrite the ones there and you are done

[IchBin]

A redirect hack would not have caused you losing any information on your site. I would suggest you dig a little deeper to see exactly what has happened. And I would HIGHLY suggest you make backups at least weekly so you don't have to worry if you get hacked or the server going down.

[GM]

OK, I see your update thread now,and it was the same redirect using this IP.

IP:  85.97.134.149 
Hostname:  dsl.dynamic8597134149.ttnet.net.tr
Date Registered:  Yesterday at 01:07:47 PM
Last Active:  Yesterday at 01:07:53 PM

 
Email:  killerdevil@msn.com


We have a backup from yesterday,but it won't reload a years worth of posts and topics. Will they reload once the patch is uploaded?

[IchBin]

Why wouldn't a backup reload your topics/posts? All the redirect hack does is redirect. It doesn't delete posts. So if you are missing post/topics after you install the security update, then you definately have something more going on than the shoutbox exploit.

[copter]

yup this hacker has been going round, i saw a post about this turkish hacker on smf forums, u need to ban the ip and look in ur sql db to see if its all there, i wish u luck that the host sorts the backups.

[GM]

My other admin loaded another forum,but used 1.05 and tried to load the newer database into it. So it must have been a version conflict.

I have the order in for the host to reload a complete back up from yesterday. We'll see if it's all back to normal then. Afterwards I'll upgrade the works.

[Phoenixoverlord]

First make sure that you have the correct version of the forum installed or else you will get problems. I had the same issues there.