Deleted topics/Write permissions

Post Reply

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
Pros Members Profile Find Members Posts Newbie Joined: 15 August 2005 Status: Offline Points: 4	Post Options Post Reply Quote Pros Report Post Thanks(0) Quote Reply Topic: Deleted topics/Write permissions Posted: 15 August 2005 at 11:58am
	I am an admin at a webwiz forum (7.6). Today someone hacked it and the guy deleted all the forums apart from one (it was password protected). So just a couple of questions: 1) Is it possible to retrieve any of the topics that have been deleted? 2) From reading other posts it looks like i must have write permissions disabled in my forum to make sure this doesn't happen again. Can anyone tell me where i can find the option to disable write permissions? Any help at all would be appreciated. Thanx PS: The guy who hacked was called "Warrior Virus" or something similar.

sfd19 Members Profile Find Members Posts Senior Member Joined: 20 December 2004 Status: Offline Points: 263	Post Options Post Reply Quote sfd19 Report Post Thanks(0) Quote Reply Posted: 15 August 2005 at 2:50pm
	1) When you have not made a backup then no. 2) That is no option of WWF, write permissions must be disabled by your hosting provider or by yourself when you are running your own server.
	Politics, economy & social issues: StudentsforDemocracy.net

sfd19 Members Profile Find Members Posts Senior Member Joined: 20 December 2004 Status: Offline Points: 263	Post Options Post Reply Quote sfd19 Report Post Thanks(0) Quote Reply Posted: 15 August 2005 at 2:56pm
	Also the very first thing you must do is upgrading to 7.92 7.6 has several vulnerabilites and it is very easy for hackers to google the phrase "Powered by Web Wiz Forums version 7.6" in order to find such boards and to hack them.
	Politics, economy & social issues: StudentsforDemocracy.net

ToJaRo Members Profile Find Members Posts Groupie Joined: 20 April 2005 Location: United States Status: Offline Points: 158	Post Options Post Reply Quote ToJaRo Report Post Thanks(0) Quote Reply Posted: 15 August 2005 at 3:52pm
	1) Only if you were doing regular backups of your DB 2) Write permissions are enabled and disabled at the OS level. If you run your own server then it is on the security tab of the properties of the web folder. If you run Windows 2003 i highly recommend upgrading to SP1 and running the Security Configuration Wizard. See the posts at: http://forums.webwiz.net/forum_posts.asp?TID=15780&PN=2&TPN=2 As with all software make sure you keep it up to date.
	ToJaRo The SoupBone Community

JJLatWebWiz Members Profile Find Members Posts Groupie Joined: 02 March 2005 Location: United States Status: Offline Points: 136	Post Options Post Reply Quote JJLatWebWiz Report Post Thanks(0) Quote Reply Posted: 15 August 2005 at 4:43pm
	What was special about the password protected forum that would cause a hacker to leave it alone? To try answer your questions: 1) Highly improbably. Unless you or your host a backup copy. 2) Your host's control panel should offer some means of changing the folder and file permissions. It's a matter of setting the anonymous web user account (IUSR_<servername>), to "read-only" permissions. I think the MDB needs to be in a folder that the anonymous user can read and write. Hopefully someone will correct me if I'm wrong, but I would suggest you test it yourself. The anonymous user must be able to create, read from and write to the .ldb file, as well as read and write on the .mdb. So, I would put that file in a folder by itself with special permissions unique to that file. With the exception of the "uploads" folder and the mdb folder, there's no reason the rest of the forum (or your entire site) should have anything other than read-only. You could also put the mdb in a folder above the wwwroot, but your host may not allow that.

Pros Members Profile Find Members Posts Newbie Joined: 15 August 2005 Status: Offline Points: 4	Post Options Post Reply Quote Pros Report Post Thanks(0) Quote Reply Posted: 15 August 2005 at 4:53pm
	i appreciate the help guys but because i'm just an admin on the site my hands are a bit tied. If i get the chance i'll upgrade. But right now the guy has deleted everything including our members and our admin can't even log in. http://youth.ibn.net/forum/default.asp ^incase anyone wants to see the damage

sfd19 Members Profile Find Members Posts Senior Member Joined: 20 December 2004 Status: Offline Points: 263	Post Options Post Reply Quote sfd19 Report Post Thanks(0) Quote Reply Posted: 15 August 2005 at 6:14pm
	You can do nothing when you do not have server access. When you have not made any backups yourself then ask your host if they make daily backups and even when you are not the registered site owner ask them to keep the 2 or 3 latest backups before the hack of your database. Some hosts might charge some dollars for it but it would be worth paying because without a backup your forums data would be entirely lost. The hosts backup might be your only (theoretical) chance to recover your forum.
	Politics, economy & social issues: StudentsforDemocracy.net

Post Reply

Forum Jump

Forum Permissions View Drop Down

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum