eMoneySpace
Welcome, Guest. Please login or register.
Did you miss your activation email?
News: Earn your money online safely here at eMoneySpace. Dec 04, 2022 09:21 am




Urgent Help -- Hacker changed all the password for all the members
Print
Author Topic: Urgent Help -- Hacker changed all the password for all the members  (Read 6176 times)
asifshabir
Reputation: (+6)
*

Offline

Gender: Male
Posts: 2921
Referrals: 2

View Profile
Dec 28, 2014 02:45 pm

HEllo EMS.

Can someone please give me urgent support.

Someone got access to my site and changed all the password for all the members.

Site: www.*banned*

Any urgent solution is highly appreciated.
Thanks
Logged
demonicsheikh
Reputation: (+34)
*

Offline

Gender: Male
Posts: 7464
Referrals: 0


I am on work leave Amigos.... Leave a PM

View Profile WWW
Reply #1: Dec 28, 2014 04:25 pm

many sites perform security check by changing passwords etc. Reset or let the users reset passwords by forgot password.
Maybe someone here can teach you how to reset all passwords automatically....
Logged

lynnj
Reputation: (+13)
*

Offline

Gender: Male
Posts: 3215
Referrals: 376

Software Engineer

View Profile WWW
Reply #2: Dec 28, 2014 09:18 pm

HEllo EMS.

Can someone please give me urgent support.

Someone got access to my site and changed all the password for all the members.

Site: www.*banned*

Any urgent solution is highly appreciated.
Thanks

I hope you have backups of the db. Cause if he changed it all in the db there is no fix, finding where he injected is vital though. You have a vulnerable form submission somewhere probably.
Logged

PHP/MYSQL developer. Current works in progress Smiley .
Aligroup
Reputation: (+47)
*

Offline

Gender: Male
Posts: 3270
Referrals: 4


Admin Of Buxestia

View Profile WWW
Reply #3: Dec 28, 2014 10:10 pm

there is no any solution to get passwords same as they were. but if u have backup u can replace db with ur backup ed db.
Logged

sammaster
Reputation: (+29)
*

Offline

Gender: Male
Posts: 2057
Referrals: 3

"Great things take time"

View Profile WWW
Reply #4: Dec 28, 2014 10:47 pm


If you're having an old backup, replace in site database password field of user table with the one in backup. You may be able to fix most users this way. For others, you may list a message at login page to change their passwords before login (or redirect them to forgot password page when those usernames try to login before they have changed their passwords). Also, make sure to secure your site from injection attacks especially update your mysql to pdo or mysqli.
Logged

seobux
Reputation: (+1)
*

Offline

Posts: 208
Referrals: 0


Wake up, Neo.

View Profile WWW
Reply #5: Dec 29, 2014 04:22 am

you can execute an SQL query to change all the passwords at once. Then as suggested let your users recover their passwords.
now change DB password, delete all files and folders and re-upload the original files. figure out how they got into your db and fix the vulnerability.
at the end of the day its a good lesson learned.
Logged



If you haven't already joined please do so, and pm me I will help you earn more.
asifshabir
Reputation: (+6)
*

Offline

Gender: Male
Posts: 2921
Referrals: 2

View Profile
Reply #6: Dec 29, 2014 04:59 am

you can execute an SQL query to change all the passwords at once. Then as suggested let your users recover their passwords.
now change DB password, delete all files and folders and re-upload the original files. figure out how they got into your db and fix the vulnerability.
at the end of the day its a good lesson learned.

thanks for the suggestion .. I will do this asap
Logged
MyaSsiNe

Reputation: (0)
*

Offline

Posts: 39
Referrals: 0

View Profile
Reply #7: Dec 29, 2014 06:29 am

(firstly sorry for bad english)
i enter to your site and try to hack it and see if it is secure from SQL inj and other problemes .... but its not safe and any hacker can access to it
i know exactly your problem about changing passwords... and other... i can help you to make your site very strong
PM me or contact me via skype: yassine.addi98
i prefer skype
Logged
demonicsheikh
Reputation: (+34)
*

Offline

Gender: Male
Posts: 7464
Referrals: 0


I am on work leave Amigos.... Leave a PM

View Profile WWW
Reply #8: Dec 29, 2014 10:52 am

(firstly sorry for bad english)
i enter to your site and try to hack it and see if it is secure from SQL inj and other problemes .... but its not safe and any hacker can access to it
i know exactly your problem about changing passwords... and other... i can help you to make your site very strong
PM me or contact me via skype: yassine.addi98
i prefer skype

You are the hacker Shocked?
Logged

MyaSsiNe

Reputation: (0)
*

Offline

Posts: 39
Referrals: 0

View Profile
Reply #9: Dec 29, 2014 11:22 am

You are the hacker Shocked?

 Roll Eyes
Logged
demonicsheikh
Reputation: (+34)
*

Offline

Gender: Male
Posts: 7464
Referrals: 0


I am on work leave Amigos.... Leave a PM

View Profile WWW
Reply #10: Dec 29, 2014 11:35 am

Roll Eyes

I will take that as no and will let this slide as Language error  Tongue
Logged

asifshabir
Reputation: (+6)
*

Offline

Gender: Male
Posts: 2921
Referrals: 2

View Profile
Reply #11: Dec 29, 2014 12:58 pm

(firstly sorry for bad english)
i enter to your site and try to hack it and see if it is secure from SQL inj and other problemes .... but its not safe and any hacker can access to it
i know exactly your problem about changing passwords... and other... i can help you to make your site very strong
PM me or contact me via skype: yassine.addi98
i prefer skype

sent u pm
Logged
crystal32
Reputation: (+6)
*

Offline

Gender: Male
Posts: 189
Referrals: 3


View Profile WWW
Reply #12: Jan 24, 2015 03:06 pm

HE WAS FOR SURE THE HACKER!! and with my site was not much harm done added his offers gave himself some money, you would think with the smarts he has to hack, he could of made a fortune in here the honest way....but sooner put his skills to evil use,,, im very sad at what some people would do, selfish and greedy!

i sat up all night watching new members as they joined, scared to leave my site alone again til my partner got online, very stressful!!!
Logged

donatien
Reputation: (+85)
*

Offline

Posts: 18222
Referrals: 4


I'm not donatien @bitcointalk thank U (‿)凸

View Profile
Reply #13: Jan 26, 2015 10:37 am

s**t script=s**t vulnearbility


Now all  of you PTC owner where is your "strong security system" that you claim in all your template  laugh
Logged
demonicsheikh
Reputation: (+34)
*

Offline

Gender: Male
Posts: 7464
Referrals: 0


I am on work leave Amigos.... Leave a PM

View Profile WWW
Reply #14: Jan 26, 2015 10:42 am

s**t script=s**t vulnearbility


Now all  of you PTC owner where is your "strong security system" that you claim in all your template  laugh

lol 5 dollar script. How it can be secure? Anyway aiman wrote a post about how to secure it.  thumbs up
Logged

Print
 
Jump to:  
Copyright © 2008-2022 eMoneySpace. All rights reserved.