Hopelessly compromised board?

abrogard
Registered User
Posts: 354
Joined: Tue May 24, 2005 8:32 am
Location: australia
Name: arthur brogard

Hopelessly compromised board?

Post by abrogard »

I have a board I could not get into: mblforum.com

So I used the phpMyAdmin query to create admin1 and got in that way.

It was immediately strange: asking me for an email address to reset my password. I gave it one that I know exists within the database and belonging to a user and it moved on to a next screen where it told me that board has no forums.

It did have some data comprising review posts about books. Any chance perhaps of finding them and keeping them?
SQLnovice
Registered User
Posts: 177
Joined: Thu Oct 10, 2019 5:03 am

Re: Hopelessly compromised board?

Post by SQLnovice »

Kind of regardless of what has happened, you could restore your site from backup on the host. Most hosts will automatically back up your Web site, database, and files. If it's a complete loss at this point, simply restore from the most recent backup that has some significant size to it. You should then be able to log in using your credentials from that point in time. And if so, reset the passwords for all site founders or better still, remove all founders but yourself and go from there.

Probably not a bad idea to establish some form of 2FA/MFA too.
warmweer
Jr. Extension Validator
Posts: 12205
Joined: Fri Jul 04, 2003 6:34 am
Location: somewhere in the space-time continuum

Re: Hopelessly compromised board?

Post by warmweer »

abrogard wrote: Thu Feb 06, 2025 4:35 am I have a board I could not get into: mblforum.com

So I used the phpMyAdmin query to create admin1 and got in that way.

It was immediately strange: asking me for an email address to reset my password. I gave it one that I know exists within the database and belonging to a user and it moved on to a next screen where it told me that board has no forums.

It did have some data comprising review posts about books. Any chance perhaps of finding them and keeping them?
The emergency founder account (Admin1) allows you to access the ACP, but no permissions are set, hence the screen: this board has no forums.
First of all, change the password for Admin1 so that nobody else can access it.

The point of the emergency Admin account is to allow YOU and only you to access the ACP in order to fix your normal Administrator account, e.g. set a new password so that you can log in with your original administrator account.

Once that's done: use your original administrator account to delete Admin1.

As mentioned in one of the other topics you started here: check whether there are other founders and remove founder status from those.
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.


Time flies like an arrow, but fruit flies like a banana.
invenio
Registered User
Posts: 465
Joined: Wed Dec 09, 2015 1:45 pm
Location: New Hampshire, USA

Re: Hopelessly compromised board?

Post by invenio »

If your admin account was compromised and you are missing posts, it could mean that whoever gained access simply deleted those posts as they would have the administrative capabilities to do that.

At the end of the day, if you are now missing any data, you would want to use your backups to restore the board before the loss. Then make sure your admin account has a very strong password so that another compromise would be unlikely. Make sure your hosting account is maximally protected as well and at the end of the day backup, backup, and backup. Having those backups is critically important.
thecoalman
Community Team Member
Posts: 6708
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.

Re: Hopelessly compromised board?

Post by thecoalman »

One way you can end up with missing posts is restoring an incomplete backup or if it times out while restoring a complete backup.

Both are caused by PHP's max_execution_time being reached. It's common to see this on the posts and search tables because they are typically the largest tables, increasing the chance that is where it will occur.

An easy way to see if the file is truncated is to open it with a text editor; the last insert statement should be for the phpbb_zebra table. If it's truncated there is no recourse; it's only good for partial restoration. If it's a complete backup you need to increase max_execution_time in php.ini or use SSH.
SQLnovice wrote: Thu Feb 06, 2025 6:43 am Kind of regardless of what has happened, you could restore your site from backup on the host.
Caution with this: it's not really your backup but their backup for disaster recovery, if for example the server is using a RAID5 array and loses two disks. They typically only have one, and you could end up restoring something that is corrupted, depending on when the backup was created.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
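
The truncation check described in the post above, scripted so it also works on dumps too large for a text editor. This is an added example, not code from the thread or from phpBB. It assumes the default `phpbb_` table prefix and a dump that ends each statement with `;`, and it also counts `CREATE TABLE` lines because an empty phpbb_zebra table has no INSERT rows. The sample dumps are constructed.

```python
import gzip
import io
import re

# Matches the table named by a CREATE TABLE or INSERT INTO statement.
STMT_RE = re.compile(r"^\s*(?:CREATE TABLE|INSERT INTO)\s+`?(\w+)`?", re.I)

def open_dump(path):
    """Open a plain or gzip-compressed SQL dump as text."""
    opener = gzip.open if path.endswith(".gz") else open
    return opener(path, "rt", encoding="utf-8", errors="replace")

def check_dump(stream, expected_last="phpbb_zebra"):
    """Stream through a dump and report the last table it mentions and
    whether the final non-blank line is a finished statement."""
    last_table, last_line = None, ""
    for line in stream:
        if not line.strip():
            continue
        last_line = line.rstrip()
        m = STMT_RE.match(line)
        if m:
            last_table = m.group(1)
    # A finished dump ends on ';' or on a trailing SQL comment line.
    terminated = last_line.endswith(";") or last_line.startswith("--")
    return {
        "last_table": last_table,
        "terminated": terminated,
        "complete": terminated and last_table == expected_last,
    }

# Constructed sample dumps (not real board data).
COMPLETE = """\
CREATE TABLE phpbb_posts (post_id int, post_text text);
INSERT INTO phpbb_posts (post_id, post_text) VALUES (1, 'Book review one');
CREATE TABLE phpbb_zebra (user_id int, zebra_id int);
INSERT INTO phpbb_zebra (user_id, zebra_id) VALUES (2, 3);
"""
# Simulate a backup cut off mid-statement in the posts table.
TRUNCATED = COMPLETE[:COMPLETE.index("review one")]

if __name__ == "__main__":
    for name, text in (("complete", COMPLETE), ("truncated", TRUNCATED)):
        print(name, check_dump(io.StringIO(text)))
```

For a real file, pass `open_dump("backup.sql.gz")` to `check_dump`; a result with `complete` false and `last_table` of `phpbb_posts` is the partial-restoration case described above.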
abrogard
Registered User
Posts: 354
Joined: Tue May 24, 2005 8:32 am
Location: australia
Name: arthur brogard

Re: Hopelessly compromised board?

Post by abrogard »

Thanks for this.
Both are caused by PHP's max_execution_time being reached. It's common to see this on the posts and search tables because they are typically the largest tables, increasing the chance that is where it will occur.
I know nothing about that thing.

I currently have no backups. I plan to install a regime. :)
