|
Joined: Nov 2004
Posts: 198
Member
|
Member
Joined: Nov 2004
Posts: 198 |
Okay, this has turned into a bit of a disaster. In another thread, I explained how SQL keeled over due to 9meg post some moron was able to make. I was able to fix that by editing the post text manually and removing most of the rubbish. I thenL 1. removed the old tables as instructed. 2. Closed both boards 3. relaunched the import 4. and of now it's still running BUT A. The forums are now somehow OPEN: B. people have loged in C. me an two other Admins can't login to re close the boards (I suspect those logged in made new accounts) D. Someone named the forums "I EAT MY OWN POOP" <-- What do I do?
Member since November 2004 Gold Member since Feb 2008
|
|
|
|
Joined: Jun 2006
Posts: 9,242 Likes: 1
Former Developer
|
Former Developer
Joined: Jun 2006
Posts: 9,242 Likes: 1 |
Did you already give the URL to the new forums before the import was done? What happens is the very first user to register is the admin user, so someone registered before any of your users were imported and became an admin.
Personally, I'd recommend starting over, either in a new unknown directory, or if that's not possible, put it behind some .htaaccess file that requires authentication before you can get to anything in the directory to keep unwanted people away.
|
|
|
|
Joined: Nov 2004
Posts: 198
Member
|
Member
Joined: Nov 2004
Posts: 198 |
I've started all over, with a new home directory for ubb in hopes that posters won't be able to find it.
All I can think is that the permissions we too permissive. The insteructions say read, write, execute, and delete. Those are dandy for unix I suppose, but what exactly are the permissions for Windows?
For instance, in windows you have: Full Modify Read & Execute List Folder Contents Read Write
So when the instructions say: read, write, execute, and delete Is that in Windows terms:
Modify Read & Execute List Folder Contents Read Write ?
Is Delete modify? Also, "List Folder Contents" is turned on automatically when you turn on "Read & Execute" ..
So orignally, I had set Modify, Read & Execute, List Folder, Contents, Read, and Write to satisfy the instructions. I however now think that maybe these were too permissive and that's how someone got in there and hacked my board.
Any help here would be greatly appriciated.
Member since November 2004 Gold Member since Feb 2008
|
|
|
|
Joined: Nov 2004
Posts: 198
Member
|
Member
Joined: Nov 2004
Posts: 198 |
Did you already give the URL to the new forums before the import was done? What happens is the very first user to register is the admin user, so someone registered before any of your users were imported and became an admin. omg! LOL! Haha .. yeah .. please put that in huge bold somewhere. If I announce my boards are going offline, and /forums and /ubbthreads are common knowledge, then we can all expect to be hacked. Better yet, have some file you modify during install to create the admin, or maybe use the database login .. heh, something. Anywho .. yeah .. I've totally started over, given my home directory a secret name.
Last edited by luket; 02/03/2007 3:03 PM.
Member since November 2004 Gold Member since Feb 2008
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
There was a gallery software I used once that required you upload a file with a random string in order to create your admin user...
|
|
|
|
Joined: Nov 2004
Posts: 198
Member
|
Member
Joined: Nov 2004
Posts: 198 |
Yep, that or just force the creation during setup. Then the admin could merge that new account with his old admin account if she was importing *waves hands*
Member since November 2004 Gold Member since Feb 2008
|
|
|
Bots
by Outdoorking - 04/13/2024 5:08 PM
|
|
|
|
|
|
1 members (Ruben),
1,248
guests, and
268
robots. |
Key:
Admin,
Global Mod,
Mod
|
|
|
|