Jump to content

Hijacked forum

Izaya Orihara

By Izaya Orihara
in Technical Problems

Recommended Posts

Izaya Orihara Collaborator

Izaya Orihara

Posted
Posted

So I recently underwent a partnership with a fellow member of the IPS community to combine our sites. Two weeks later, I strongly regret that and I see exactly how stupid I was xD.

He's having a bit of tantrum(claims to have multiple personalities). I discovered that he edited a few user accounts and placed them in my usergroup (Giving them full powers that I had and that he lacked). Quite frankly, I am disappointed that IPS doesn't have a better way to protect the super admin...it seemed way easier on IPB3 but I digress.

So now my site is a bit jacked up and not working.

 

I want to do a clean install of everything....Is this possible?

1. I know one way to do so...Converting to Mybb then converting back to IPB3 and then upgrading back to 4.

But that's time consuming.

2. Is there a way to do a clean/fresh install of EVERYTHING but not mess up posts, topics, etc etc? Like reuplaod IPB4 and what not.


I essentially want to have a clean point before he ever touched ANYTHING.

Link to comment
Share on other sites
GriefCode Collaborator

GriefCode

Posted
Posted
9 hours ago, Izaya Orihara said:

So I recently underwent a partnership with a fellow member of the IPS community to combine our sites. Two weeks later, I strongly regret that and I see exactly how stupid I was xD.

That is something you will experience all the way when you want to merge communities.

I have gone exactly through that step multiply times, and i got experience with 2 kinds of guys:

  • The one who act, change things, update and suggest things
    We had also shared server resources, we were more busy with recovering errors and issues because this one probably replaced code in our own software or simply deleted, we spend hours on realizing this.
  • The one that firstly show different than in the end (what you exactly experienced)
    I had 5 guys which acted like this. 2 were like 'okay lets merge, 1 week later, no i regret it', the 3 others probably acted like a boss on the whole system without earning the respect of my staff and may community.

This should just give some hints in order to stay carefully with such actions.

Also in the internet its really difficult to trust someone, due the fact you cannot personally face him. I one had a guy who wanted to join our development, he showed us a lot of things and "work" he had done. But we discovered really fast that the whole thing were bought from a populaire software marketplace in the net, which forced us to the decision not opening the access for him, which probably resultet that he got mad and showed of the real face.

It is often a good start to research information with whom you decide to merge, since im in a dieing area of games, i look all other communities up which host in my area, and that nearly daily, checking each things, checking posts and how they are made. So if we once merge, i would know exactly what will come up and where i would need to take care off. This is also a bit paranoide, i know, but once you are working with computers or actually develope, you get used into that in order to delivere good software :p

 

Now to your issue :D

  1. The actually forst part would be to block the access for the other guy, if he will access and disturb you while you are trying to recover everything, he can notice it maybe and start to destroy things. So ban him by !IP Range! if you have cloudflare in front, it would be good, since you can setup a simple firewall rule, else use iptables directly on server. Since dynamic IPs, its required to ban IP Ranges to process safe. This means 255.255.0.0 where 0 is * (wildcard).
    http://serverfault.com/questions/592061/block-range-of-ip-addresses
     
  2. Second part, as it has been told by @UKF_HHA to change the member groups. I recommend doing that directly through mysql: 
    UPDATE `core_members` SET `member_group_id` = 3;
UPDATE `core_members` SET `member_group_id` = 4 WHERE `member_id` = 1;

    Commonly the first member is your superadmin account. So grant him access.

  3. Login to the ACP and directly change the password, make sure you don't give any chance for anyone else login during that time.

  4. Check you are safe: ACP -> Members -> Administrators, make sure that only 'Administrators' is in the group.

  5. Do the same for 'Moderators', you don't want to grant other members access which shouldn't have access there.

This 5 steps will probably block everything out that is not in your control.
If you issue any problems, feel free to let me know and i will be happy to assist you further.

Regards

Ps. Check also second member groups....

Link to comment
Share on other sites
TheSonic Community Regular

TheSonic

Posted
Posted

I would also love to see an Option back in the the vBulletin-days "uneditable Users" and "undeleteable Users". You defined them in the a configfile (like constants.php in IPS4) and had no way to edit them in the ACP - so you Need to have Access to the filesystem to alter/delete this users. This was a perfect way to protect "superusers".

Link to comment
Share on other sites
Izaya Orihara Collaborator

Izaya Orihara

Posted
  • Author
Posted
1 hour ago, Michael Schneider said:

That is something you will experience all the way when you want to merge communities.

I have gone exactly through that step multiply times, and i got experience with 2 kinds of guys:

  • The one who act, change things, update and suggest things
    We had also shared server resources, we were more busy with recovering errors and issues because this one probably replaced code in our own software or simply deleted, we spend hours on realizing this.
  • The one that firstly show different than in the end (what you exactly experienced)
    I had 5 guys which acted like this. 2 were like 'okay lets merge, 1 week later, no i regret it', the 3 others probably acted like a boss on the whole system without earning the respect of my staff and may community.

This should just give some hints in order to stay carefully with such actions.

Also in the internet its really difficult to trust someone, due the fact you cannot personally face him. I one had a guy who wanted to join our development, he showed us a lot of things and "work" he had done. But we discovered really fast that the whole thing were bought from a populaire software marketplace in the net, which forced us to the decision not opening the access for him, which probably resultet that he got mad and showed of the real face.

It is often a good start to research information with whom you decide to merge, since im in a dieing area of games, i look all other communities up which host in my area, and that nearly daily, checking each things, checking posts and how they are made. So if we once merge, i would know exactly what will come up and where i would need to take care off. This is also a bit paranoide, i know, but once you are working with computers or actually develope, you get used into that in order to delivere good software :p

 

Now to your issue :D

  1. The actually forst part would be to block the access for the other guy, if he will access and disturb you while you are trying to recover everything, he can notice it maybe and start to destroy things. So ban him by !IP Range! if you have cloudflare in front, it would be good, since you can setup a simple firewall rule, else use iptables directly on server. Since dynamic IPs, its required to ban IP Ranges to process safe. This means 255.255.0.0 where 0 is * (wildcard).
    http://serverfault.com/questions/592061/block-range-of-ip-addresses
     
  2. Second part, as it has been told by @UKF_HHA to change the member groups. I recommend doing that directly through mysql: 
    
UPDATE `core_members` SET `member_group_id` = 3;
UPDATE `core_members` SET `member_group_id` = 4 WHERE `member_id` = 1;

    Commonly the first member is your superadmin account. So grant him access.

  3. Login to the ACP and directly change the password, make sure you don't give any chance for anyone else login during that time.

  4. Check you are safe: ACP -> Members -> Administrators, make sure that only 'Administrators' is in the group.

  5. Do the same for 'Moderators', you don't want to grant other members access which shouldn't have access there.

This 5 steps will probably block everything out that is not in your control.
If you issue any problems, feel free to let me know and i will be happy to assist you further.

Regards

Ps. Check also second member groups....

I actually did a clean install and I am in the process of setting things back up so right now I am the only staff member presently :D

It's a shame that 2 weeks were wasted dealing with his drama(Claiming to have multiple personalities, attacking multiple members, and other creepiness and downright despicable behavior) instead of focusing on the community,

I am just glad he is gone and I no longer have to worry about such an unstable individual on my team.

Thanks for the tips/feedback and thank you as well to @UKF_HHA

 

18 minutes ago, TheSonic said:

I would also love to see an Option back in the the vBulletin-days "uneditable Users" and "undeleteable Users". You defined them in the a configfile (like constants.php in IPS4) and had no way to edit them in the ACP - so you Need to have Access to the filesystem to alter/delete this users. This was a perfect way to protect "superusers".

Exactly. Also

it is so much easier to edit a lot of forums(We have 148 total) and member management on 3.X than it is on 4.X

This guy hijacking my forum was the best thing that could've happened as I was dreading having to do this work on 4.X and now i can use 3.X and reupgrade :D

Link to comment
Share on other sites
  • 2 weeks later...
Ryan Boyd Enthusiast

Ryan Boyd

Posted
Posted
On 10/27/2015, 11:18:28, Izaya Orihara said:

I actually did a clean install and I am in the process of setting things back up so right now I am the only staff member presently :D

It's a shame that 2 weeks were wasted dealing with his drama(Claiming to have multiple personalities, attacking multiple members, and other creepiness and downright despicable behavior) instead of focusing on the community,

I am just glad he is gone and I no longer have to worry about such an unstable individual on my team.

Thanks for the tips/feedback and thank you as well to @UKF_HHA

 

Exactly. Also

it is so much easier to edit a lot of forums(We have 148 total) and member management on 3.X than it is on 4.X

This guy hijacking my forum was the best thing that could've happened as I was dreading having to do this work on 4.X and now i can use 3.X and reupgrade :D

 

You're most welcome buddy

I'm sorry for the late reply, had exams and much to do.

Glad to see a fellow member back and happy running his forums!

Stay safe and know who to trust :)

 

Best regards

UKF

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Upcoming Events

    No upcoming events found
Invision Community © 2024 IPS, Inc.
×
×
  • Create New...