Everything posted by rct2·com

  1. Those 2 post extracts seem to directly contradict one another? :unsure:
  2. There IS a certain amount of havoc that can be wreaked if Admins' and Moderators' accounts are compromised, however. And at the end of the day, they are just 'users'.
  3. Agreed, but part of the reason for not wanting member passwords and accounts to be hacked, is not just to protect the whole board, but also to avoid Admins/Moderators from being considered untrustworthy. Such suspicion can undermine confidence in a forum/community, however much Admins can point at MD5 and pas_salt and pass_hash. So it's not just about protecting the board from hacks (low risk), it's about protecting the admins from suspicion (higher risk) and the members from themselves (highest risk) :)
  4. Amen Amen, my original suggestion was designed to have the CAPABILITY but to make it enforceable at the AdminCP's discretion.
  5. This topic reminds me of something I suggested in August 2007. As you'll see, it wasn't well received. :lol:
  6. +1. Quite surprised to see that there is no way of archiving them (to PDF, HTML, MS Word) either.
  7. Calendar is a nice simple application, but with enough features (skin, language, cache, database, permissions) to make it a good model for writing your own applications. If only it had some profile and settings features...
  8. It's unusual for hackers to be so destructive. Normally they just like to 'brag' by altering a page or posting an announcement for example. I hope those guys had a backup.
  9. I think there are so many from one IP address because the spiders are programmed to multithread/multitask. They don't have to wait for the response from one before they fire off another request. I often have Yahoo for example hitting me simultaneously from the same IP address.
  10. I think you'll find that it is probably spiders crawling your site (even though you suggest that it isn't). Have you checked out who the IPs belong to? http://ws.arin.net/whois/ http://www.db.ripe.net/whois I think that there is a topic here somewhere (or maybe an article at resources) about constructing a robots.txt file that focuses spiders on topics and posts, stops them trying to reply etc.
  11. That's a lot of information to review and take in before responding. I got as far as the 4th line. I'd suggest that you should wait a bit longer before deciding whether to act on the mysqltuner output. For example, your board may be MUCH busier at weekends, or month end. You need more empirical data before deciding what action to take, otherwise you'll be forever fiddling with the settings for different times of the day/week/month. I'd also suggest that you only change one or two settings at a time. Most changes affect the memory footprint, so that a change in one area can dramatically affect another. I have a 'hit list' somewhere of the most important MySQL settings to change first, I'll see if I can dig it out.
  12. The fact that such a script exists is not really the issue. Now if this topic included instructions on how to 'inject' that script onto a site through a vulnerability in IPS product, then I agree we should all be worried and screaming for the topic to be removed.
  13. I think that is a good place to be. It's more about Server Management than MySQL though. In my experience of being hacked, the hackers generally don't damage anything, they just do it for 'fun', then brag to their friends, give links etc. But they frequently leave at least 1 'payload' behind. There are at least 3 types.
      • Edit some of your web pages so they are serving up ads/adware/malware/viruses to your visitors
      • leave an IRC bot running so they can use your mail server to generate spam
      • leave a 'rootkit' behind (for example r57shell.php) so that they can easily get back onto your server after you have plugged the exploit.
      I cannot recommend a single utility to look for all this kind of stuff. Over the years I have just learned Linux command line commands to look for the signs and get rid of them. As a general rule of thumb you need to search for files that have been created/modified since the date/timestamp of when you think that the attack took place. The hackers target files/folders that are world writable, and that they can access through a URL. Such files have normally been created/modified by a script they have managed to upload through an exploit, and (since the script runs as a URL) the files normally belong to user apache, group apache. Edit: The best way to find out how they got in is to look in your server access and error logs.
  14. As I say, my article is a little out of date. The scripts I now use replace every php file that WRITES to the database with a 'please come back later' page. In the case of IP.Board, replacing index.php stops anybody carrying out any IP.Board database reading/writing, such as posting, registering, PMing etc. Other parts of my site may have pages that access other databases, but not the IP.Board database.
  15. Do you have a dedicated server? If not, you need to contact your host. That 'INFORMATION_SCHEMA' is a MySQL system database, and nothing to do with IPB. Somebody with mysql root admin access may be able to repair the table, but if they fail, it looks fairly terminal. I don't know the product you're using to do the backup, maybe other products wouldn't try to access this system table and would allow you to rescue some of the non-system database tables allowing you to reinstall after the MySQL system tables have been rebuilt?
  16. I use a shell script (scheduled by crontab) that temporarily replaces the forum index.php with a 'come back later' page then runs mysqldump, before reinstating the index.php page. There is a link in my sig to an article about this, although admittedly, the article is a bit out of date now.
  17. Off to Rhodes for some sunshine.
  18. :unsure: What leads you to draw that conclusion? :unsure: Why put extra load on the server if it's unnecessary? There must be reasons for using Apache versus lighttpd.
  19. I'm pretty sure that when viewing new content prior to v3.0 of IPB, if I clicked the icon it would take me to the last UNREAD post, but if I clicked on the last post in the TOPIC. but now both clicks take me to the last post. Why is this? And wouldn't it just be a skin change to change it back?
  20. That requires changes to the database design, and possibly code changes. Unless it's referring to your own code, there is little you can safely do about it.
  21. File location depends on the server configuration. In MySQL every database table consists of at least two files, one for the data, and one for the indexes.
  22. Assuming you are using MySQL, I recommend that you start by reading this article http://dev.mysql.com/doc/refman/5.1/en/full-table.html
  23. Nice to see people offering advice instead of just asking questions. +1 :) May be worth pasting this as an article at resources.invisionpower.com?
  24. I have been very successful tuning MySQL by using mysqltuner.com. I used it over about 6 weeks, reviewing the recommendations [and applying them] every other day for the first week, then weekly after that.