UBB.threads PHP Forum Software Community Forums UBB.threads 6 Version 6 Support Serious Database Attack

Hi guys, I badly need your help.

Our database has been hacked. I don't know how did this happen but most of our data has been replaced with garbage! For example in the users table -> email field, I can see email addresses has been altered with this garbage..

{||{oend|i@urffpvd.whqt
|{{|em54@4rfp}vrq.wh
{||{dfgq_|dp8q88k@wrdpolf.pr
|}}|dddshfy@zir-oqql.hrfm
}||}}gdm}}h@udkwlonqq.wh
{{{{rEG|ydgl21@3d|rk.rrfx.k

Now it's not only the users table that has been affected. The hacker has targeted ramdom table fields and replaced the data with garbage. Display names, titles, descriptions etc.. has been ramdomly replaced. I don't know how to fix this. Please help... <img src="https://www.ubbcentral.com/boards/images/graemlins/frown.gif" alt="" />

Two things - first of all do you have a backup? If so then you can easily restore your database. However unless you are secure they will probably return.

You will need to update your passwords to your database, and make sure that you are running the latest version on threads (6.5.4).

Also ensure that any other scripts you might run are secure and updated.

This may sound funny but we don't have a backup <img src="https://www.ubbcentral.com/boards/images/graemlins/frown.gif" alt="" /> . This was only handed to us recently because the former administrator left for the US. Yes we will upgrade to 6.5.4 but do you think the database is recoverable? I showed some specimen of the garbage to an online contact and she was able to decode the garbage back to it's original state. The problem is, her asking fee is too high. Did anybody here experience the same problem before? Or maybe can somebody show me a link to decode the garbage?

Your server should also have an automatic, daily, weekly, and monthly backup.... right?

I was hoping for that too but there's nothing setup in the server which really makes my life a living hell. All I have right now is a 1 year old backup of the database which is probably worth nothing by now since it's size is like 9% compared to the current database. I think the only solution would be to reverse the effect that this hacker had done. We already edited some user information and other details back to normal but these are the ones which we personally know. The remaining which consists of the majority of the database we can not revert... Please help.

Is there someone here who can revert these to normal and maybe send me the link to the decrypting program?

{||{oend|i@urffpvd.whqt
|{{|em54@4rfp}vrq.wh
{||{dfgq_|dp8q88k@wrdpolf.pr
|}}|dddshfy@zir-oqql.hrfm
}||}}gdm}}h@udkwlonqq.wh
{{{{rEG|ydgl21@3d|rk.rrfx.k

for free?... <img src="https://www.ubbcentral.com/boards/images/graemlins/smile.gif" alt="" />

Just curious, do you know what these scrambled e-mails were before?

We have the equivalent of the few but most of them we don't. We only get the equivalent by checking out the unscrambled "name" field to the old database and compare their email field to the current database. Some of them we know personally so that's a bonus. Like this one we know the equivalent {||{qlrij@2rksolf.pr but that's it. We don't have any other ways to revert the scrambled data..

Well, maybe if you take all the known email adresses and put them against their scrambled equivalents you might start seeing patterns?

Yes I can do that... but there are other fields in the database which are also scrambled but do not have anything to compare with... like for example URLs, titles and description. That's why I'm searching for a decryptor program which can revert the damage to original state... Oh by the way, how can I upgrade to 6.5.4? The ex admin of our site have the license of the program and he's hard to reach as of now. Is there other way to download and install the program?

Thanks

It is unlikely that different algorithm was used on other fields, so if you can figure it using e-mails you can apply it to other fields.