1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Troll 'Hacking'

Discussion in 'Forum Management' started by triforceguy1, Jun 21, 2016.

  1. triforceguy1

    triforceguy1 Active Member

    Okay, so for the past several years, we've had this one guy (or several claiming to be the same person) who come on from time to time to stir up trouble. Earlier in the year, he went a bit further and 'hacked' into a Admin account and basically trashed the forum, which meant we had to back it up (unfortunately the only backup was from several months before).

    I think it was a case of guessing the password correctly, but it still scared the members a lot. It seems that he has returned after the move, but now he's gone for several normal members. The problem is that this guy is always using an anonymous proxy, so there is no way of permanently getting rid of him.

    I am going to try and get everyone to enable two-step, and my host does a weekly backup, but was wondering if anyone else had any advice, or if they have had similar issues? It's frustrating because I spent quite a bit of money on this but I don't one one idiot ruining it.

    Last edited by a moderator: Jun 21, 2016
  2. Steve F

    Steve F Well-Known Member

    Only word of advice I have is don't depend on your host's backups, take some of your own too.
  3. triforceguy1

    triforceguy1 Active Member

    Thing is, I can't, it's a shared server... unless you mean to just download the backups they make, in which case, I do
  4. Steve F

    Steve F Well-Known Member

    You can usually do your own through CPanel if that is what you use.
  5. triforceguy1

    triforceguy1 Active Member

    Ah yes, that's the weekly automated backups they do. Which I download as soon as they become available
  6. whynot

    whynot Well-Known Member

    No, Steve did not mean that.
    He meant that you should do your own backups in cPanel.
  7. triforceguy1

    triforceguy1 Active Member

    The only option the cPanel gives me regarding backups it to download the ones they automatically make. I am unable to backup the databases manually due to how big they are and the fact that I am unable to perform a MySQL dump
  8. whynot

    whynot Well-Known Member

    Install Mysqldumper and backup your database with it.
    Compress your forum's folder in cPanel.
    Download those two files with your FTP client or straight from cPanel.
  9. triforceguy1

    triforceguy1 Active Member

    Shared accounts on Host Gator are not allowed to do that
  10. whynot

    whynot Well-Known Member

    Have a look in your cPanel.
    Click on file manager > Choose your forum's folder > Compress > Zip Archive
    After a while you will find a fresh zip file.
    That contains all your forum's files. Download it to your computer.

    Download MySQLDumper.
    Upload it with your FTP client(such as FileZilla)
    Install it.
    You will be able to backup your databases with it then download them to your computer.
  11. James

    James Well-Known Member

    Make sure that you force two-step verification to access the Admin CP:

    Make sure your staff usergroups have the "require two-step verification" option under General Permissions.
  12. Anthony Parsons

    Anthony Parsons Well-Known Member

    I don't even understand how this could happen, unless you use password as your password. A six digit password using a capital, figure and punctuation, is near impenetrable. i.e. hI&X<3

    Let alone 8 digit password. All mod accounts should have two factor required.

    You can also use something as simple as https://xenforo.com/community/threads/backup-entire-xenforo-install-database-to-amazon-s3.40343/ to backup directly to Amazon S3, which solves many issues to begin with.
  13. triforceguy1

    triforceguy1 Active Member

    The forum used to be on 1.2.2 before I took over, and I think the admin's password was something like the type of car he had or something, which is information that can be obtained pretty easily for a lot of people.

    I already do the first thing you said
    And ah, my mistake, for some reason I thought you were talking about shell access haha
    Installing it as I type, thank you :)

    That's something I'm encouraging member to do. In the past, it wasn't an option as, before I took over, we were on 1.2.2 which is before Two Step was implemented
    Last edited: Jun 21, 2016
  14. triforceguy1

    triforceguy1 Active Member

    Okay, so I have installed the dumper, and I've created a directory protection.
    But when I go to access the MySQL dumper, I get a Forbidden error, any help? (I'm likely putting in something wrong on the url)
  15. whynot

    whynot Well-Known Member

    Temporarily disable the protection.
    Any luck with accessing the dumper?
  16. triforceguy1

    triforceguy1 Active Member

    Yes that's better
    Would you not recommend that I use directory protection?
  17. whynot

    whynot Well-Known Member

    Just use it.
    (On the beginning for a while save the user and password in your browser, will be easier to use it.)
  18. triforceguy1

    triforceguy1 Active Member

    thing is, it doesn't even ask me for a username or password
    Am I right in putting .htaccess at the end of the url?

    Also, I get the following error when I click the backup tab:

    A backup of the system database `information_schema` is not possible! Nevermind fixed the error
  19. gwordz

    gwordz Member

    I too have an old Hostgator shared account and manually make backups through cpanel. Are you saying you don't see the backup wizard option or it is giving you an error? (see pics)
    Another option is The ForumBackup add-on by @SneakyDave.
    cpanel ss1.png cpanel ss2.png
  20. triforceguy1

    triforceguy1 Active Member

    We are talking about making manual backups (not the ones which HostGator make on a weekly basis) I thought the dumper wasn't allowed, but it can be installed on the server and I'm using it now :)

    And I don't really want to rely on automated backups too much as I have a fairly large database, which if there is any time out during export, the structure can get ruined (it's about 800mb)

Share This Page