asifshabir
Reputation:
( +6)
Offline
Gender: 
Posts: 2921
Referrals: 2
|
 |
Dec 28, 2014 02:45 pm |
|
HEllo EMS.
Can someone please give me urgent support.
Someone got access to my site and changed all the password for all the members.
Site: www.*banned*
Any urgent solution is highly appreciated.
Thanks
|
|
|
|
|
Logged
|
|
|
|
demonicsheikh
Reputation:
( +34)
Offline
Gender:
Posts: 7464
Referrals: 0
I am on work leave Amigos.... Leave a PM
|
|
Reply #1: Dec 28, 2014 04:25 pm |
|
many sites perform security check by changing passwords etc. Reset or let the users reset passwords by forgot password.
Maybe someone here can teach you how to reset all passwords automatically....
|
|
|
|
|
Logged
|
|
|
|
lynnj
Reputation:
( +13)
Offline
Gender:
Posts: 3215
Referrals: 376
Software Engineer
|
|
Reply #2: Dec 28, 2014 09:18 pm |
|
HEllo EMS.
Can someone please give me urgent support.
Someone got access to my site and changed all the password for all the members.
Site: www.*banned*
Any urgent solution is highly appreciated.
Thanks
I hope you have backups of the db. Cause if he changed it all in the db there is no fix, finding where he injected is vital though. You have a vulnerable form submission somewhere probably. |
|
|
|
|
Logged
|
PHP/MYSQL developer. Current works in progress  . |
|
|
Aligroup
Reputation:
( +47)
Offline
Gender:
Posts: 3270
Referrals: 4
Admin Of Buxestia
|
|
Reply #3: Dec 28, 2014 10:10 pm |
|
there is no any solution to get passwords same as they were. but if u have backup u can replace db with ur backup ed db.
|
|
|
|
|
Logged
|
|
|
|
sammaster
Reputation:
( +29)
Offline
Gender:
Posts: 2057
Referrals: 3
"Great things take time"
|
|
Reply #4: Dec 28, 2014 10:47 pm |
|
If you're having an old backup, replace in site database password field of user table with the one in backup. You may be able to fix most users this way. For others, you may list a message at login page to change their passwords before login (or redirect them to forgot password page when those usernames try to login before they have changed their passwords). Also, make sure to secure your site from injection attacks especially update your mysql to pdo or mysqli.
|
|
|
|
|
Logged
|
|
|
|
seobux
Reputation:
( +1)
Offline
Posts: 208
Referrals: 0
Wake up, Neo.
|
|
Reply #5: Dec 29, 2014 04:22 am |
|
you can execute an SQL query to change all the passwords at once. Then as suggested let your users recover their passwords.
now change DB password, delete all files and folders and re-upload the original files. figure out how they got into your db and fix the vulnerability.
at the end of the day its a good lesson learned.
|
|
|
|
|
Logged
|
 If you haven't already joined please do so, and pm me I will help you earn more. |
|
|
asifshabir
Reputation:
( +6)
Offline
Gender:
Posts: 2921
Referrals: 2
|
|
Reply #6: Dec 29, 2014 04:59 am |
|
you can execute an SQL query to change all the passwords at once. Then as suggested let your users recover their passwords.
now change DB password, delete all files and folders and re-upload the original files. figure out how they got into your db and fix the vulnerability.
at the end of the day its a good lesson learned.
thanks for the suggestion .. I will do this asap |
|
|
|
|
Logged
|
|
|
|
MyaSsiNe
Reputation:
( 0)
Offline
Posts: 39
Referrals: 0
|
|
Reply #7: Dec 29, 2014 06:29 am |
|
(firstly sorry for bad english)
i enter to your site and try to hack it and see if it is secure from SQL inj and other problemes .... but its not safe and any hacker can access to it
i know exactly your problem about changing passwords... and other... i can help you to make your site very strong
PM me or contact me via skype: yassine.addi98
i prefer skype
|
|
|
|
|
Logged
|
|
|
|
demonicsheikh
Reputation:
( +34)
Offline
Gender:
Posts: 7464
Referrals: 0
I am on work leave Amigos.... Leave a PM
|
|
Reply #8: Dec 29, 2014 10:52 am |
|
(firstly sorry for bad english)
i enter to your site and try to hack it and see if it is secure from SQL inj and other problemes .... but its not safe and any hacker can access to it
i know exactly your problem about changing passwords... and other... i can help you to make your site very strong
PM me or contact me via skype: yassine.addi98
i prefer skype
You are the hacker  ? |
|
|
|
|
Logged
|
|
|
|
MyaSsiNe
Reputation:
( 0)
Offline
Posts: 39
Referrals: 0
|
|
Reply #9: Dec 29, 2014 11:22 am |
|
You are the hacker ?
 |
|
|
|
|
Logged
|
|
|
|
demonicsheikh
Reputation:
( +34)
Offline
Gender:
Posts: 7464
Referrals: 0
I am on work leave Amigos.... Leave a PM
|
|
Reply #10: Dec 29, 2014 11:35 am |
|
I will take that as no and will let this slide as Language error  |
|
|
|
|
Logged
|
|
|
|
asifshabir
Reputation:
( +6)
Offline
Gender:
Posts: 2921
Referrals: 2
|
|
Reply #11: Dec 29, 2014 12:58 pm |
|
(firstly sorry for bad english)
i enter to your site and try to hack it and see if it is secure from SQL inj and other problemes .... but its not safe and any hacker can access to it
i know exactly your problem about changing passwords... and other... i can help you to make your site very strong
PM me or contact me via skype: yassine.addi98
i prefer skype
sent u pm |
|
|
|
|
Logged
|
|
|
|
crystal32
Reputation:
( +6)
Offline
Gender:
Posts: 189
Referrals: 3
|
|
Reply #12: Jan 24, 2015 03:06 pm |
|
HE WAS FOR SURE THE HACKER!! and with my site was not much harm done added his offers gave himself some money, you would think with the smarts he has to hack, he could of made a fortune in here the honest way....but sooner put his skills to evil use,,, im very sad at what some people would do, selfish and greedy!
i sat up all night watching new members as they joined, scared to leave my site alone again til my partner got online, very stressful!!!
|
|
|
|
|
Logged
|
|
|
|
donatien
Reputation:
( +85)
Offline
Posts: 18222
Referrals: 4
I'm not donatien @bitcointalk thank U (¬‿¬)凸
|
|
Reply #13: Jan 26, 2015 10:37 am |
|
s**t script=s**t vulnearbility
Now all of you PTC owner where is your "strong security system" that you claim in all your template 
|
|
|
|
|
Logged
|
|
|
|
demonicsheikh
Reputation:
( +34)
Offline
Gender:
Posts: 7464
Referrals: 0
I am on work leave Amigos.... Leave a PM
|
|
Reply #14: Jan 26, 2015 10:42 am |
|
s**t script=s**t vulnearbility Now all of you PTC owner where is your "strong security system" that you claim in all your template
lol 5 dollar script. How it can be secure? Anyway aiman wrote a post about how to secure it.  |
|
|
|
|
Logged
|
|
|
|
|
Topic: Urgent Help -- Hacker changed all the password for all the members (Read 6182 times)