Please Help With My Board: Hacked and Accounts, etc.

Get help with installation and running phpBB 3.3.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
abrogard
Registered User
Posts: 329
Joined: Tue May 24, 2005 8:32 am
Location: australia
Name: arthur brogard

Please Help With My Board: Hacked and Accounts, etc.

Post by abrogard »

I have a board ozstudentforum.com that I seem to be locked out of for admin.

Haven't looked at it for a long time. Now I find it has more than 500 topics awaiting approval.

So I log in alright and go to the moderator thing and make a start at approving/disapproving and reach the stage where I decide to go to the admin control panel and perhaps delete users and that will hopefully delete all their pending posts/new topics.

And I find I cannot get in. I haven't kept a record of the password but it certainly should be amongst the half dozen I use all the time.

I am surprised that 500 topics/posts got created and posted without me knowing.
And I need to find the best way to deal with it all.
And I need to get in.

Those three things if someone could please help an admittedly unworthy admin who's never learned enough in years of having phpBB boards. I'm sorry about that, obviously. :) But need to get on anyway...

I am happy to give the keys to the board to an honest helper.
Last edited by Mick on Sat May 21, 2022 9:41 am, edited 1 time in total.
Reason: Solved.
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72343
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Please Help With My Board: Hacked and Accounts, etc.

Post by KevC »

The admin panel password is the same one you logged in to the site with.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
abrogard
Registered User
Posts: 329
Joined: Tue May 24, 2005 8:32 am
Location: australia
Name: arthur brogard

Re: Please Help With My Board: Hacked and Accounts, etc.

Post by abrogard »

of course. I should have been clearer. My win10 installation logs me in. I remembers my login. But - I don't think it ever remembered the 'authentication' password. At any rate it doesn't now.

And actually after writing that post I realised I can't 'give the keys' for that very reason. I don't know the password - only my computer does.

I could 'give the keys' via my host though, I guess, something like that.

p.s. unless there's a tool somewhere that we can use to get windows to give us our 'remembered' passwords in clear?
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72343
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Please Help With My Board: Hacked and Accounts, etc.

Post by KevC »

In phpMyAdmin, run the following, which will create an admin user named Admin1 with a password of admin. From that point you should be able to get into the ACP.

Code: Select all

INSERT INTO phpbb_users (user_type, group_id, username, username_clean, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_jabber, user_actkey, user_newpasswd) VALUES (3, 5, 'Admin1', 'admin1', 0, '21232f297a57a5a743894a0e4a801fc3', '[email protected]', 'en', 1, 1, 'AA0000', 1, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', '');
Change your table prefix if it is not phpbb_

See Executing SQL Queries in phpMyAdmin if you are unfamiliar with running database queries.

As soon as you have done this, use the temporary admin account to change the details on the original admin account, then delete the temporary account.
This is because:
  1. anyone could use that account to log in to your board if you didn't change the password.
  2. this temporary user has not been fully set up (e.g. it is not a member of the "Registered users" group, so it won't have normal access to your forums).
To remove the account you will first need to remove ???founder??? status from it: ACP > USERS AND GROUPS tab > Manage Users > Admin1 > Overview > Founder = No
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
abrogard
Registered User
Posts: 329
Joined: Tue May 24, 2005 8:32 am
Location: australia
Name: arthur brogard

Re: Please Help With My Board: Hacked and Accounts, etc.

Post by abrogard »

Thank you. I'll get onto it. After breakfast chores. Going to take a little while by looks of it.

p.s. just before I go - did I do something wrong/omit something that more than 500 posts have been made to my board without me knowing/giving permission and yet at the same time the board claimed they were 'waiting approval' ? What's the 'waiting' if they're already there?
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26505
Joined: Fri Aug 29, 2008 9:49 am

Re: Please Help With My Board: Hacked and Accounts, etc.

Post by Mick »

Your Q&A is far too easy for one thing, it can be Googled even though probably everyone on the planet knows the answer. You need to create a Q&A that the answer cannot be found via a search, maybe something specific to your board.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
abrogard
Registered User
Posts: 329
Joined: Tue May 24, 2005 8:32 am
Location: australia
Name: arthur brogard

Re: Please Help With My Board: Hacked and Accounts, etc.

Post by abrogard »

yep, well that was hacked. I've got no memory of putting something as silly as that there. though it's possible of course. I can't change it until I get in.
User avatar
warmweer
Jr. Extension Validator
Posts: 11234
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Bel ... gium
Contact:

Re: Please Help With My Board: Hacked and Accounts, etc.

Post by warmweer »

abrogard wrote: Thu May 19, 2022 8:16 pm p.s. just before I go - did I do something wrong/omit something that more than 500 posts have been made to my board without me knowing/giving permission and yet at the same time the board claimed they were 'waiting approval' ? What's the 'waiting' if they're already there?
Those posts are probably made by Newly Registered Users and are in the moderation queue. The posts have been made, but have not been cleared for publication.
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.


Time flies like an arrow, but fruit flies like a banana.
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72343
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Please Help With My Board: Hacked and Accounts, etc.

Post by KevC »

It doesn't make a lot of sense that someone would hack a board to add a new Q&A antispam question.

Once you run that query and can get in you'll be able to see the admin logs.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
abrogard
Registered User
Posts: 329
Joined: Tue May 24, 2005 8:32 am
Location: australia
Name: arthur brogard

Re: Please Help With My Board: Hacked and Accounts, etc.

Post by abrogard »

see the admin logs. that's a good one. right. it'll be interesting if I can see exactly what happened. might sober me up a bit if it turns out it was me.... :)
I'm talking with Awardspace now. They seem to have removed phpMyadmin and put some 'database manager' there that looks nothing like the phpMyadmin I used a few times in the past...
abrogard
Registered User
Posts: 329
Joined: Tue May 24, 2005 8:32 am
Location: australia
Name: arthur brogard

Re: Please Help With My Board: Hacked and Accounts, etc.

Post by abrogard »

small snag - I can't identify the database.

I was dumb enough not to give it a clear name and now I don't know which one it is out of a few candidates...

somewhere i can look from the host end perhaps, something I can look in - maybe config.php I thought and found it but no luck. Altogether seemed too small for config.php as I remembered. Is there perhaps two of them in the install dirs?

Anyway - anywhere I can look to find the database name?
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Please Help With My Board: Hacked and Accounts, etc.

Post by Lumpy Burgertushie »

config.php is the correct file to find the database name.
the database is not going to be in the files at all, it is a separate thing on the server.
you will need to access your hosting control panel and find the database section.
once you know the db name from the config.php file you can find the correct database.


robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
abrogard
Registered User
Posts: 329
Joined: Tue May 24, 2005 8:32 am
Location: australia
Name: arthur brogard

Re: Please Help With My Board: Hacked and Accounts, etc.

Post by abrogard »

Hello Mr Burgertushie.. I remember you helping me out on numerous occasions in the past. Thank you once again. :)

All done. Success.

Except I'm immediately faced with the next problem. Update. Turns out it is v 3.3.5 and it advises me I need to be at 3.3.7

ah well..... don't know whether to get stuck in trying to prune tha 400 + or do the update.... which has the greatest priority, which the least hassle?

p.s. I looked in the log and there's been no activity from any other IP but mine so it looks like I did it all.
no successful admin logins since 30/11/21 and on that day 50+ users were activated and the spambot measures update, to that covid nonsense I suppose.
no memory of any of it. mysterious. perhaps i've taken leave of my senses.
abrogard
Registered User
Posts: 329
Joined: Tue May 24, 2005 8:32 am
Location: australia
Name: arthur brogard

Re: Please Help With My Board: Hacked and Accounts, etc.

Post by abrogard »

All done and working well. Thank you. Now I just need to clean up the mess and try to stay on top of things.

I made an ordinary user and logged in as it and I find there's only 44 posts there now. Not 400.

So when you log in as admin you see all proposed posts right there on the board in the 'normal' space just as though they were posted. I didn't know that. And I see they're marked as requiring approval. All good.

I was fooled by the stats showing 400 odd posts and by quick look seeing they were all there and not stopping to see that aspect, that 'approve or not' thing.

All good. Did something and learned something. Thanks for the help.
Post Reply

Return to “[3.3.x] Support Forum”