Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
slushpuppeh Posted October 4, 2017 Posted October 4, 2017 Hi, Previously on 3.4, you guys had a guide on what to do incase a forum setup has been compromised. What is the procedure for IPB4? Is there a way to import an old IPB4 database into a fresh install? Thanks
Pete T Posted October 4, 2017 Posted October 4, 2017 4 hours ago, slushpuppeh said: Hi, Previously on 3.4, you guys had a guide on what to do incase a forum setup has been compromised. What is the procedure for IPB4? Is there a way to import an old IPB4 database into a fresh install? Thanks When say import guess setting up fresh install then moving item like use to that database ? if so converter may work but officially IPS may not like that answer in terms compromised issue never had issue before due to making sure Admin CP not in /admin and also making it have second password before login to main Admin CP but 4.1.x is lot more secure due to no SQL Database being in Admin CP.
slushpuppeh Posted October 5, 2017 Author Posted October 5, 2017 13 hours ago, Pete T said: When say import guess setting up fresh install then moving item like use to that database ? if so converter may work but officially IPS may not like that answer in terms compromised issue never had issue before due to making sure Admin CP not in /admin and also making it have second password before login to main Admin CP but 4.1.x is lot more secure due to no SQL Database being in Admin CP. Thanks for the reply, unfortunately due to the nature of hooks and applications, it is still relatively easy to plant a rootkit then uninstall the application. I checked the converter, however it doesn't support IPB->IPB conversion. Yes the 3.4 converter made it quite easy to recover from hacks
Faqole Posted October 5, 2017 Posted October 5, 2017 20 hours ago, slushpuppeh said: Hi, Previously on 3.4, you guys had a guide on what to do incase a forum setup has been compromised. What is the procedure for IPB4? Is there a way to import an old IPB4 database into a fresh install? Thanks How exactly was your forum hacked/compromised? You do not need a converter for what you are describing. The easiest way would be to do an upgrade.
slushpuppeh Posted October 5, 2017 Author Posted October 5, 2017 1 hour ago, Faqole said: How exactly was your forum hacked/compromised? You do not need a converter for what you are describing. The easiest way would be to do an upgrade. One of my admins had his computer rootkit. The hacker installed an application but removed it. Luckily IPB shows uninstalled applications at the bottom of the list so we knew he tried to do something. Unfortunately at this rate, we are not 100% sure the rootkit is removed. Previously for IPB 3.4, I would take all public file uploads, remove any .php file, export the db, delete the entire forum directory, install a fresh 3.4 then use IPB Converter to import the old db. But I don't see the aforementioned option working for me as IPB4's converter doesn't support IPB->IPB
Faqole Posted October 6, 2017 Posted October 6, 2017 On 5-10-2017 at 9:56 AM, slushpuppeh said: One of my admins had his computer rootkit. The hacker installed an application but removed it. Luckily IPB shows uninstalled applications at the bottom of the list so we knew he tried to do something. Unfortunately at this rate, we are not 100% sure the rootkit is removed. Previously for IPB 3.4, I would take all public file uploads, remove any .php file, export the db, delete the entire forum directory, install a fresh 3.4 then use IPB Converter to import the old db. But I don't see the aforementioned option working for me as IPB4's converter doesn't support IPB->IPB In that case a thorough checkup of everything is order imho, to make sure that there are no back doors or the likes. You can also ask your host so they can do a check as well on their end. Again, you do not need a converter for that. All you have to do is do a clean re-install and then upgrade.
Jim M Posted October 6, 2017 Posted October 6, 2017 49 minutes ago, Faqole said: Again, you do not need a converter for that. All you have to do is do a clean re-install and then upgrade. If all you're concerned about is your file system (not database) there really is no need to do a clean install. Can just re-upload files from your Client Area over what you have as this will ensure at least the IPS files do not contain any issues. However, you will need to still investigate your uploads directories and anything you have that is not contained in the IPS core files. Which would be the same as a fresh install/upgrade/conversion.
slushpuppeh Posted October 6, 2017 Author Posted October 6, 2017 6 hours ago, Jim M said: If all you're concerned about is your file system (not database) there really is no need to do a clean install. Can just re-upload files from your Client Area over what you have as this will ensure at least the IPS files do not contain any issues. However, you will need to still investigate your uploads directories and anything you have that is not contained in the IPS core files. Which would be the same as a fresh install/upgrade/conversion. Hi @Jim M I am also worried about additional files/rootkits the hijacker may have put into the directory So steps would be: move my uploads directory out delete all the files in my forum directory upload the new site files from client area set the conf to the database move my uploads directory back I should be fine after that?
Jim M Posted October 6, 2017 Posted October 6, 2017 1 minute ago, slushpuppeh said: Hi @Jim M So clear our my forum directory, upload the uploads directory, set the conf to the database and I should be fine yeah? I would not suggest clearing it. You'd just need to upload our files, overwriting what you have on your server. Then inspect for anything outside of our files. If you're clearing out your installation directory you'd need to keep your uploads directory (or directories, depending on your configuration), conf_global.php, constants.php (if you have it) and applications/plugins directories if you have any third party items. Due to this complexity, it is not recommend or really supported if you choose to go this route.
slushpuppeh Posted October 6, 2017 Author Posted October 6, 2017 1 minute ago, Jim M said: I would not suggest clearing it. You'd just need to upload our files, overwriting what you have on your server. Then inspect for anything outside of our files. If you're clearing out your installation directory you'd need to keep your uploads directory (or directories, depending on your configuration), conf_global.php, constants.php (if you have it) and applications/plugins directories if you have any third party items. Due to this complexity, it is not recommend or really supported if you choose to go this route. Thanks @Jim M I hope in the future the IPB->IPB support for converter comes back, that functionality was really helpful
Jim M Posted October 6, 2017 Posted October 6, 2017 Just now, slushpuppeh said: Thanks @Jim M I hope in the future the IPB->IPB support for converter comes back, that functionality was really helpful We are looking at allowing migrating IPS communities into other IPS communities. No real timeline on this just yet.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.