As most of you know the CSS Forum was hacked.
If you run or know someone that runs a phpBB forum make sure it gets updated.
The hacker gained admin access to phpBB, sent out email to many of the members and caused minor disturbance to the forum by deleting a forum from the database.
I still can't believe I didn't notice straight away that the CSS Layout forum was deleted along with the moderator groups.
Everything should be back to normal now, I have restored the database and upgraded phpBB.
We lost a day or so postings from the CSS Layout forum, but overall came out of it pretty well.
Thanks to everyone that PM, posted or emailed to notifying me of the problems.
What version are you now running, Tony, and did you have to reinstall the attachments mod? Also - you have made some major template changes, how did that work out?
I'm running the latest version, 2.013.
I used the changed file method and went manually through each of the changed files and compared it with the old file.
Then copied each of the Mods to the new file, or the other way depending on which file had the most changes.
It really didn't take too long since I have commented most of the changes or mods made.
Then I test it locally before uploading the files.
Restoring the Missing Data
I had a backup of the whole site from cpanel from two days before.
So I extracted the sql query which was 144 MB, quite large, then copied the sections for the tables required into another file.
I ended up with insert querys for the forums, posts, posts_text, topics, and ranks tables.
Since MySQL ignores or throws up an error, if the Primary Key from an insert already exists, I didn't have to filter for just the rows missing.
The sql file was still about 30 MB but much easier on the server.
Again I tested it locally and found I had forgotten to tell mysql which database to use.
So I put "use my_phpbbdb" at the top of the file, I could have just changed database from the prompt.
Then I uploaded it and logged onto mySQL on the server and ran "source /path/filename.sql" from the prompt.
I guess this was the admin exploit that so many phpbb forums are falling foul of, I noticed that the support forums are recommending that people .htaccess password protect their admin folder for an added layer of security, thought I'd mention it just in case, although I'm sure I'm teaching my grandmother to suck eggs
That's really sick!
Congrats for getting out of alright!
Wow, all I have to say is that you did a great job.
There is no full proof way to safe guard against attacks. If there's a will there's a way (DVD ripping, Music Stealing, Robberies, Murders, Assasinations... you get the picture).
And Tony, are you going to upgrade to v3 right away, or are you going to wait? Just wondering what is in store for cssCreator.
Very good question,
Usually it's wise to wait a while when new software is released, so that others can sort out the bugs.
On the other hand if it is a security release or bug fix it would be wise to upgrade straight away.
I haven't looked at V3 but if it is a new feature release, I will be waiting a week or possible longer.
I can just picture the cracker now.
"I hacked a forum! I caused minor mayhem!"
*giggles and runs away
Bunch of losers. I can't understand the destructive nature of some people.
very smart attitude...
especially for a forum defending no political position, which not sell anything and which is just here to help people...