Deleted topics/Write permissions
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=16217
Printed Date: 13 April 2026 at 9:10pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: Deleted topics/Write permissions
Posted By: Pros
Subject: Deleted topics/Write permissions
Date Posted: 15 August 2005 at 11:58am
|
I am an admin at a webwiz forum (7.6). Today someone hacked it and the guy deleted all the forums apart from one (it was password protected). So just a couple of questions:
1) Is it possible to retrieve any of the topics that have been deleted?
2) From reading other posts it looks like i must have write permissions disabled in my forum to make sure this doesn't happen again. Can anyone tell me where i can find the option to disable write permissions?
Any help at all would be appreciated. Thanx
PS: The guy who hacked was called "Warrior Virus" or something similar.
|
Replies:
Posted By: sfd19
Date Posted: 15 August 2005 at 2:50pm
|
1) When you have not made a backup then no.
2) That is no option of WWF, write permissions must be disabled by your hosting provider or by yourself when you are running your own server. ------------- Politics, economy & social issues: http://www.studentsfordemocracy.net - StudentsforDemocracy.net |
Posted By: sfd19
Date Posted: 15 August 2005 at 2:56pm
|
Also the very first thing you must do is upgrading to 7.92
7.6 has several vulnerabilites and it is very easy for hackers to google the phrase "Powered by Web Wiz Forums version 7.6" in order to find such boards and to hack them. ------------- Politics, economy & social issues: http://www.studentsfordemocracy.net - StudentsforDemocracy.net |
Posted By: ToJaRo
Date Posted: 15 August 2005 at 3:52pm
|
1) Only if you were doing regular backups of your DB 2) Write permissions are enabled and disabled at the OS level. If you run your own server then it is on the security tab of the properties of the web folder. If you run Windows 2003 i highly recommend upgrading to SP1 and running the Security Configuration Wizard.
See the posts at:
http://forums.webwiz.net/forum_posts.asp?TID=15780&PN=2&TPN=2 - http://forums.webwiz.net/forum_posts.asp?TID=15780&PN=2&TPN=2
As with all software make sure you keep it up to date.  ------------- ToJaRo http://www.thesoupbone.com - The SoupBone Community |
Posted By: JJLatWebWiz
Date Posted: 15 August 2005 at 4:43pm
|
What was special about the password protected forum that would cause a hacker to leave it alone?
To try answer your questions:
1) Highly improbably. Unless you or your host a backup copy.
2) Your host's control panel should offer some means of changing the folder and file permissions. It's a matter of setting the anonymous web user account (IUSR_<servername>), to "read-only" permissions.
I think the MDB needs to be in a folder that the anonymous user can read and write. Hopefully someone will correct me if I'm wrong, but I would suggest you test it yourself. The anonymous user must be able to create, read from and write to the .ldb file, as well as read and write on the .mdb. So, I would put that file in a folder by itself with special permissions unique to that file. With the exception of the "uploads" folder and the mdb folder, there's no reason the rest of the forum (or your entire site) should have anything other than read-only.
You could also put the mdb in a folder above the wwwroot, but your host may not allow that.
|
Posted By: Pros
Date Posted: 15 August 2005 at 4:53pm
|
i appreciate the help guys but because i'm just an admin on the site my hands are a bit tied. If i get the chance i'll upgrade. But right now the guy has deleted everything including our members and our admin can't even log in.
 http://youth.ibn.net/forum/default.asp - http://youth.ibn.net/forum/default.asp
^incase anyone wants to see the damage
|
Posted By: sfd19
Date Posted: 15 August 2005 at 6:14pm
|
You can do nothing when you do not have server access. When you have not made any backups yourself then ask your host if they make daily backups and even when you are not the registered site owner ask them to keep the 2 or 3 latest backups before the hack of your database. Some hosts might charge some dollars for it but it would be worth paying because without a backup your forums data would be entirely lost. The hosts backup might be your only (theoretical) chance to recover your forum. ------------- Politics, economy & social issues: http://www.studentsfordemocracy.net - StudentsforDemocracy.net |