Hacked recovery guide?


slushpuppeh

Posted

Hi,

Previously on 3.4, you guys had a guide on what to do in case a forum setup has been compromised. What is the procedure for IPB4?

Is there a way to import an old IPB4 database into a fresh install?

Thanks

Posted
4 hours ago, slushpuppeh said:

Hi,

Previously on 3.4, you guys had a guide on what to do in case a forum setup has been compromised. What is the procedure for IPB4?

Is there a way to import an old IPB4 database into a fresh install?

Thanks

When you say import, I guess you mean setting up a fresh install and then moving items like you used to into that database? If so, the converter may work, but officially IPS may not like that answer. In terms of the compromise issue, I never had an issue before, due to making sure the Admin CP is not in /admin and also making it have a second password before login to the main Admin CP, but 4.1.x is a lot more secure due to no SQL Database being in the Admin CP.

Posted
13 hours ago, Pete T said:

When you say import, I guess you mean setting up a fresh install and then moving items like you used to into that database? If so, the converter may work, but officially IPS may not like that answer. In terms of the compromise issue, I never had an issue before, due to making sure the Admin CP is not in /admin and also making it have a second password before login to the main Admin CP, but 4.1.x is a lot more secure due to no SQL Database being in the Admin CP.

Thanks for the reply, unfortunately due to the nature of hooks and applications, it is still relatively easy to plant a rootkit then uninstall the application.

I checked the converter, however it doesn't support IPB->IPB conversion.

Yes, the 3.4 converter made it quite easy to recover from hacks.

Posted
20 hours ago, slushpuppeh said:

Hi,

Previously on 3.4, you guys had a guide on what to do in case a forum setup has been compromised. What is the procedure for IPB4?

Is there a way to import an old IPB4 database into a fresh install?

Thanks

How exactly was your forum hacked/compromised?

You do not need a converter for what you are describing. The easiest way would be to do an upgrade.

Posted
1 hour ago, Faqole said:

How exactly was your forum hacked/compromised?

You do not need a converter for what you are describing. The easiest way would be to do an upgrade.

One of my admins had his computer rootkitted. The hacker installed an application but removed it. Luckily IPB shows uninstalled applications at the bottom of the list, so we knew he tried to do something. Unfortunately at this rate, we are not 100% sure the rootkit is removed.

Previously for IPB 3.4, I would take all public file uploads, remove any .php file, export the db, delete the entire forum directory, install a fresh 3.4, then use IPB Converter to import the old db. But I don't see the aforementioned option working for me, as IPB4's converter doesn't support IPB->IPB.

Posted
On 5-10-2017 at 9:56 AM, slushpuppeh said:

One of my admins had his computer rootkitted. The hacker installed an application but removed it. Luckily IPB shows uninstalled applications at the bottom of the list, so we knew he tried to do something. Unfortunately at this rate, we are not 100% sure the rootkit is removed.

Previously for IPB 3.4, I would take all public file uploads, remove any .php file, export the db, delete the entire forum directory, install a fresh 3.4, then use IPB Converter to import the old db. But I don't see the aforementioned option working for me, as IPB4's converter doesn't support IPB->IPB.

In that case a thorough checkup of everything is in order imho, to make sure that there are no back doors or the like. You can also ask your host so they can do a check as well on their end.

Again, you do not need a converter for that. All you have to do is do a clean re-install and then upgrade.

Posted
49 minutes ago, Faqole said:

Again, you do not need a converter for that. All you have to do is do a clean re-install and then upgrade. 

If all you're concerned about is your file system (not database) there really is no need to do a clean install. Can just re-upload files from your Client Area over what you have as this will ensure at least the IPS files do not contain any issues. However, you will need to still investigate your uploads directories and anything you have that is not contained in the IPS core files. Which would be the same as a fresh install/upgrade/conversion.

Posted
6 hours ago, Jim M said:

If all you're concerned about is your file system (not database) there really is no need to do a clean install. Can just re-upload files from your Client Area over what you have as this will ensure at least the IPS files do not contain any issues. However, you will need to still investigate your uploads directories and anything you have that is not contained in the IPS core files. Which would be the same as a fresh install/upgrade/conversion.

Hi @Jim M, I am also worried about additional files/rootkits the hijacker may have put into the directory. So the steps would be:

  1. move my uploads directory out
  2. delete all the files in my forum directory
  3. upload the new site files from client area
  4. set the conf to the database
  5. move my uploads directory back

I should be fine after that?

Posted
1 minute ago, slushpuppeh said:

Hi @Jim M So clear out my forum directory, upload the uploads directory, set the conf to the database and I should be fine yeah?

I would not suggest clearing it. You'd just need to upload our files, overwriting what you have on your server. Then inspect for anything outside of our files.

If you're clearing out your installation directory you'd need to keep your uploads directory (or directories, depending on your configuration), conf_global.php, constants.php (if you have it) and applications/plugins directories if you have any third party items. Due to this complexity, it is not recommended or really supported if you choose to go this route.
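
The inspection step discussed above (overwrite with stock files, then look for anything outside them, and check the uploads directories for scripts), as an added example that is not part of the original posts and not IPS tooling. It assumes an extracted copy of the stock download for the same version as the live site, an upload directory named `uploads`, and a script extension list that you should match to your web server; the function names are illustrative.

```python
import hashlib
import sys
from pathlib import Path

# Assumption: extensions the web server may hand to PHP; match this to your handler config.
SCRIPT_EXTS = {".php", ".phtml", ".phar"}

def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def tree(root):
    """Map relative POSIX path -> absolute Path for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}

def audit(live_root, pristine_root, upload_dirs=("uploads",)):
    """Compare a live install against an extracted stock download.

    modified: stock files whose content differs from the stock copy
    extra: files outside the upload dirs that the stock package does not ship
           (conf_global.php, constants.php and third-party apps/plugins land here)
    scripts_in_uploads: files in upload dirs with a script extension anywhere
           in the name, so x.php and x.php.jpg are both reported
    """
    live, stock = tree(live_root), tree(pristine_root)
    report = {"modified": [], "extra": [], "scripts_in_uploads": []}
    for rel, path in sorted(live.items()):
        if any(rel.startswith(d.strip("/") + "/") for d in upload_dirs):
            if any(s.lower() in SCRIPT_EXTS for s in path.suffixes):
                report["scripts_in_uploads"].append(rel)
        elif rel not in stock:
            report["extra"].append(rel)
        elif sha256(path) != sha256(stock[rel]):
            report["modified"].append(rel)
    return report

if __name__ == "__main__":
    # Usage: python audit.py /path/to/live/forum /path/to/extracted/stock/files
    for kind, paths in audit(sys.argv[1], sys.argv[2]).items():
        for rel in paths:
            print(f"{kind}\t{rel}")
```

Every path listed under `extra` has to be accounted for by hand: the configuration files and third-party items named above are expected there, anything else is a candidate for removal. If the stock copy is a different version from the live install, unchanged files will show up as `modified`.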

Posted
1 minute ago, Jim M said:

I would not suggest clearing it. You'd just need to upload our files, overwriting what you have on your server. Then inspect for anything outside of our files.

If you're clearing out your installation directory you'd need to keep your uploads directory (or directories, depending on your configuration), conf_global.php, constants.php (if you have it) and applications/plugins directories if you have any third party items. Due to this complexity, it is not recommended or really supported if you choose to go this route.

Thanks @Jim M, I hope in the future the IPB->IPB support for converter comes back, that functionality was really helpful.

Posted
Just now, slushpuppeh said:

Thanks @Jim M, I hope in the future the IPB->IPB support for converter comes back, that functionality was really helpful.

We are looking at allowing migrating IPS communities into other IPS communities. No real timeline on this just yet.

Archived

This topic is now archived and is closed to further replies.
