PDA

View Full Version : I think i've been hacked


dj83
June 4th, 2010, 12:39 PM
this morning I am unable to login to my site. I've even tried to change my password and I get a message telling me my email address wasn't found. Is there any other way that I can get back into my site? :(

Chuck S
June 4th, 2010, 01:41 PM
well some more information would be needed for us to respond. integration type etc?

How do you think you have been hacked just because you cant login?

dj83
June 4th, 2010, 02:16 PM
Hi Chuck,

I am using photo post pro 7.2. I haven't changed my password or anything. When I try to log in I keep getting this message "Invalid login. Please check your username and password, or register" then when I try to reset my password I get this message "That address was not found in our records". My site has been up since December of 2009 and i've never had this problem.

Chuck S
June 4th, 2010, 02:55 PM
well might you have used another email?

You can run the install script and select the refresh admin login usergroups option.

dj83
June 4th, 2010, 03:07 PM
i've been using the same email from the very start.

Where do I get the install script?

Chuck S
June 4th, 2010, 03:25 PM
You would get that from the downloaded code in the members area or from your file backups if you saved a copy of your photopost zipfile.

dj83
June 6th, 2010, 05:49 PM
Hello Chuck,

I've looked all on my computer for my original PP zip file but can't find it. I downloaded the latest zip and tried to run the install.php file but it wont open. I also finally figured out what email I used for my site but the new temp passwords isn't working either (i'm locked out of my own site). I really need your help please.

Chuck S
June 6th, 2010, 09:29 PM
what do you mean by install wont run?

http://www.yoursite.com/gallery/install.php

You should see the main install screen.

dj83
June 7th, 2010, 01:26 PM
Chuck,

I'm sorry to bother you again but I tried that with my own url and all I get is a 404 error page. I have no idea what I am doing wrong.

Chuck S
June 7th, 2010, 02:02 PM
Did you upload your install file to your site?

dj83
June 7th, 2010, 05:24 PM
thanks chuck i was able to fix that problem. Now I have another one when I click to view all members in the admin section all of them have my email address. All of this is weird to me. Is there anyway to get their email addresses back to normal?

Chuck S
June 8th, 2010, 08:21 AM
This would tell me the mysql table pp_users would have the same email for all your users somehow


$fusers = ppmysql_query("SELECT userid,username,joindate,posts,email,views FROM {$Globals['pp_db_prefix']}users $srch ORDER BY username LIMIT $startnumb,$perpage",$link);
$posts = mysql_num_rows($fusers);

while ( list( $euserid,$eusername,$joindate,$posts,$email,$views ) = mysql_fetch_row($fusers) )
{



I do not know anything there other than you editing users or they edit themselves and change the email.

dj83
June 8th, 2010, 10:49 AM
Hi Chuck where I do I place that code? I didn't install PP myself so I have no idea.
I didn't edit any users and all 2,179 users are showing my email address as their own. I also found out by all of the emails I got this morning that no one can log in.

Chuck S
June 8th, 2010, 11:39 AM
what I am saying is that code correctly shows me we are pulling the email for users coming from there account so somehow your mysql database has the email for users all yours.

You need to edit each user and put the correct email or have them correct there account.

dj83
June 8th, 2010, 12:13 PM
they can't log in to do it. I have no idea what email addresses they used.

This is how the member list looks right now. I had to edit my url out of the email address on this snapshot since it's a adult site.
http://images12.fotki.com/v540/photos/8/1357288/8557214/02-vi.jpg

Chuck S
June 8th, 2010, 02:09 PM
I understand what your saying I am simply saying there is nowhere I see in our code that can cause that. we are showing you the email on file for there account in your database.

How your email addresses are all the same I can not say but they are like that in your database not our code.

Do you have a backup of your users table that might have right emails in it?

dj83
June 8th, 2010, 02:35 PM
I didn't have this problem until I upgraded from 7.1 to 7.2 about a week ago. User names started changing to my own user name on the site. Then all of a sudden this happened without me messing with any codes or anything. I have no idea if they are backed up or not. :(

Chuck S
June 8th, 2010, 02:55 PM
I dont see anywhere where user emails would be updated on an upgrade. There simply is not a query for that in an upgrade that I see.

The correct action would be to restore a backup of your pp_users table in mysql.

dj83
June 8th, 2010, 04:11 PM
how do I go about doing that Chuck? I am not good at this kind of stuff

Chuck S
June 8th, 2010, 07:36 PM
You have database backups right?

You can view the database backup and just grab all the pp_users stuff and use phpmyadmin to import them. You know how to use phpmyadmin?

dj83
June 8th, 2010, 07:53 PM
No I don't know how to use it. I paid to have PP installed so I don't know anything about this stuff.

dj83
June 8th, 2010, 07:58 PM
Chuck if I send you all of the info can you check this out for me? please
I just don't want to make any mistakes and delete everything.

Chuck S
June 8th, 2010, 07:58 PM
who backs up your files databases and does your normal website maintenance? That person usually a webmaster is the one who does this type of stuff for you.

dj83
June 8th, 2010, 08:08 PM
I normally do the updates but I've never messed with myphpadmin or any other major stuff. I have no idea if my files are backed up. Is there anyway to check?

Thanks for all of your help!

Chuck S
June 9th, 2010, 05:59 AM
well part of normal website management is that you would backup your files and databases. If you have never done this then it is a good conclusion you do not have backups which is bad. Maybe ask your host if you have database backups.

dj83
June 9th, 2010, 12:35 PM
Chuck how do I set up my backup directory? right now it's blank in the pp admin section.

Thanks for your help! You've been very helpful

Chuck S
June 9th, 2010, 01:56 PM
Backup a directory or database?

The best way to backup your classifieds is to use ftp and download the classifieds directory.

To best way to backup your classifieds database is maybe with a cron task like this

Cron and mySQL Database Backups (http://developedtraffic.com/2005/02/26/cron-and-database-backups/)

Or for less technically minded users phpmyadmin is the best way and is usually installed in your webhosting control panel.

As stated if you find a database backup of the pp_users table before your recent upgrade or trouble that would help solve your issue.

dj83
June 9th, 2010, 02:08 PM
I am only using the PP pro software. I don't have classifieds

Chuck S
June 9th, 2010, 04:36 PM
same thing meant to say photopost doesn't matter same thing.