• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Troll 'Hacking'

#1
Okay, so for the past several years, we've had this one guy (or several claiming to be the same person) who come on from time to time to stir up trouble. Earlier in the year, he went a bit further and 'hacked' into a Admin account and basically trashed the forum, which meant we had to back it up (unfortunately the only backup was from several months before).

I think it was a case of guessing the password correctly, but it still scared the members a lot. It seems that he has returned after the move, but now he's gone for several normal members. The problem is that this guy is always using an anonymous proxy, so there is no way of permanently getting rid of him.

I am going to try and get everyone to enable two-step, and my host does a weekly backup, but was wondering if anyone else had any advice, or if they have had similar issues? It's frustrating because I spent quite a bit of money on this but I don't one one idiot ruining it.

Leon
 
Last edited by a moderator:
#7
No, Steve did not mean that.
He meant that you should do your own backups in cPanel.
The only option the cPanel gives me regarding backups it to download the ones they automatically make. I am unable to backup the databases manually due to how big they are and the fact that I am unable to perform a MySQL dump
 

whynot

Well-known member
#10
Shared accounts on Host Gator are not allowed to do that
Have a look in your cPanel.
Click on file manager > Choose your forum's folder > Compress > Zip Archive
After a while you will find a fresh zip file.
That contains all your forum's files. Download it to your computer.

Download MySQLDumper.
Upload it with your FTP client(such as FileZilla)
Install it.
You will be able to backup your databases with it then download them to your computer.
 

James

Well-known member
#11
Make sure that you force two-step verification to access the Admin CP:
admin.php?options/list/acp#_adminRequireTfa

Make sure your staff usergroups have the "require two-step verification" option under General Permissions.
 

Anthony Parsons

Well-known member
#12
Earlier in the year, he went a bit further and 'hacked' into a Admin account and basically trashed the forum
I don't even understand how this could happen, unless you use password as your password. A six digit password using a capital, figure and punctuation, is near impenetrable. i.e. hI&X<3

Let alone 8 digit password. All mod accounts should have two factor required.

You can also use something as simple as https://xenforo.com/community/threads/backup-entire-xenforo-install-database-to-amazon-s3.40343/ to backup directly to Amazon S3, which solves many issues to begin with.
 
#13
I don't even understand how this could happen, unless you use password as your password. A six digit password using a capital, figure and punctuation, is near impenetrable. i.e. hI&X<3

Let alone 8 digit password. All mod accounts should have two factor required.

You can also use something as simple as https://xenforo.com/community/threads/backup-entire-xenforo-install-database-to-amazon-s3.40343/ to backup directly to Amazon S3, which solves many issues to begin with.
The forum used to be on 1.2.2 before I took over, and I think the admin's password was something like the type of car he had or something, which is information that can be obtained pretty easily for a lot of people.

Have a look in your cPanel.
Click on file manager > Choose your forum's folder > Compress > Zip Archive
After a while you will find a fresh zip file.
That contains all your forum's files. Download it to your computer.

Download MySQLDumper.
Upload it with your FTP client(such as FileZilla)
Install it.
You will be able to backup your databases with it then download them to your computer.
I already do the first thing you said
And ah, my mistake, for some reason I thought you were talking about shell access haha
Installing it as I type, thank you :)

Make sure that you force two-step verification to access the Admin CP:
admin.php?options/list/acp#_adminRequireTfa

Make sure your staff usergroups have the "require two-step verification" option under General Permissions.
That's something I'm encouraging member to do. In the past, it wasn't an option as, before I took over, we were on 1.2.2 which is before Two Step was implemented
 
Last edited:
#14
Okay, so I have installed the dumper, and I've created a directory protection.
But when I go to access the MySQL dumper, I get a Forbidden error, any help? (I'm likely putting in something wrong on the url)
 

whynot

Well-known member
#15
Okay, so I have installed the dumper, and I've created a directory protection.
But when I go to access the MySQL dumper, I get a Forbidden error, any help? (I'm likely putting in something wrong on the url)
Temporarily disable the protection.
Any luck with accessing the dumper?
 
#18
Just use it.
(On the beginning for a while save the user and password in your browser, will be easier to use it.)
thing is, it doesn't even ask me for a username or password
Am I right in putting .htaccess at the end of the url?

Also, I get the following error when I click the backup tab:

A backup of the system database `information_schema` is not possible! Nevermind fixed the error
 
#20
I too have an old Hostgator shared account and manually make backups through cpanel. Are you saying you don't see the backup wizard option or it is giving you an error? (see pics)
Another option is The ForumBackup add-on by @SneakyDave.
View attachment 136287 View attachment 136288
We are talking about making manual backups (not the ones which HostGator make on a weekly basis) I thought the dumper wasn't allowed, but it can be installed on the server and I'm using it now :)

And I don't really want to rely on automated backups too much as I have a fairly large database, which if there is any time out during export, the structure can get ruined (it's about 800mb)