XF 1.3 Server error

[Maxxamillion]

Logged in this evening and i got 'server error, please try again later'

I go to log in and it bring me to that message again

i typed in the admin page in the www bar and i get this

Server Error

Mysqli prepare error: Unknown column 'user.user_id' in 'where clause'

Zend_Db_Statement_Mysqli->_prepare() in Zend/Db/Statement.php at line 115
Zend_Db_Statement->__construct() in Zend/Db/Adapter/Mysqli.php at line 381
Zend_Db_Adapter_Mysqli->prepare() in Zend/Db/Adapter/Abstract.php at line 478
Zend_Db_Adapter_Abstract->query() in Zend/Db/Adapter/Abstract.php at line 753
Zend_Db_Adapter_Abstract->fetchRow() in XenForo/Model/User.php at line 427
XenForo_Model_User->getUserById() in XenForo/ControllerAdmin/Login.php at line 10
XenForo_ControllerAdmin_Login->actionForm() in XenForo/FrontController.php at line 347
XenForo_FrontController->dispatch() in XenForo/FrontController.php at line 134
XenForo_FrontController->run() in /home/thegamer/public_html/admin.php at line 13

any help please

 

[Mike]

It looks like the most fundamental column of the user table has been removed. You will almost certainly need to revert to a backup. The key would be attempting to identify what happened -- I basically couldn't guess as there's nothing in the system that would go near that.

 

[Maxxamillion]

how would i go about reverting it, i wouldnt have a clue how it did this either i tend not to edit things i dont know much about

 

[Amaury]

how would i go about reverting it, i wouldnt have a clue how it did this either i tend not to edit things i dont know much about

Your host may be able to help.

 

[Maxxamillion]

just checked me xf_user table. this is the only user that shows

 

[Paul B]

You will need to contact your host, you appear to have been hacked.

You will need to restore from a backup and also identify how the hacker gained access and stop them from doing so again.

 

[Maxxamillion]

ok thank you and ive no idea how, i even installed the ACP firewall protection

 

[TPerry]

ok thank you and ive no idea how, i even installed the ACP firewall protection

Odds are you have a simple to guess password in use for either cPanel, your SSH login (if you are using a VPS/Dedi) or your normal forum account.
ACP firewall is OK, but I use 2 factor authentication for my administrative accounts on my forums, Keys and 2 factor authentication for my SSH logins and have NO panels in use, mySQL connections to the port are restricted to localhost and no FTP enabled.

In addition, if you are using any other scripts (WordPress, etc) one of the plugins may have a vulnerability.

Also, for future always perform a manual backup after you get your forum fully configured so that you have a base to go back to and then perform regular backups yourself. Not only of the DB but the forum structure itself.

 

[Maxxamillion]

Odds are you have a simple to guess password in use for either cPanel, your SSH login (if you are using a VPS/Dedi) or your normal forum account.
ACP firewall is OK, but I use 2 factor authentication for my administrative accounts on my forums, Keys and 2 factor authentication for my SSH logins and have NO panels in use, mySQL connections to the port are restricted to localhost and no FTP enabled.

In addition, if you are using any other scripts (WordPress, etc) one of the plugins may have a vulnerability.

Also, for future always perform a manual backup after you get your forum fully configured so that you have a base to go back to and then perform regular backups yourself. Not only of the DB but the forum structure itself.

Thanks yes i need to do all of the above to protect my site, my host is doing a full back up for me today so i shall get on it if it can all get sorted today that is

 

[Paul B]

Make sure you change your passwords as soon as the restore is complete.
That applies to everything you have installed, including e.g. WordPress.

 

[Maxxamillion]

Make sure you change your passwords as soon as the restore is complete.
That applies to everything you have installed, including e.g. WordPress.

I have already changed my cpanel pass, not sure what else i would need to change i shall also change my log in when its back up

 

[Paul B]

Yes, change your forum logins and anything else you use to log in to anything on your server.

 

[TPerry]

Thanks yes i need to do all of the above to protect my site, my host is doing a full back up for me today so i shall get on it if it can all get sorted today that is

I would not restore from a backup that is known to be hacked (so no real need for them to do a backup of your existing). Hopefully you had a backup from them already prior to the date this occurred?

 

[Maxxamillion]

Yes, change your forum logins and anything else you use to log in to anything on your server.

will do thanks for all the help

 

[TPerry]

Also, is this a VPS/dedi server or shared hosting? If VPS/dedi (and you are using Debian or Ubuntu) start a convo with me. I can probably help secure it down for you (using keys/2 factor for ssh login, etc).

EDIT: BTW, no fee required. Or you can contact me via my Skype contact in my profile.

 

[Maxxamillion]

I would not restore from a backup that is known to be hacked (so no real need for them to do a backup of your existing). Hopefully you had a backup from them already prior to the date this occurred?

they are doing a back up from the 21st which is prior to anything happening

 

[TPerry]

they are doing a back up from the 21st which is prior to anything happening

OK... they aren't doing a backup.... they are doing a restore.
Offer still stands if it is a VPS or dedicated server.

 

[Maxxamillion]

Site has been restored from the 21st, would like to say thanks for all support and a HUGE thanks to my host Planethippo they have fantastic support