Lodithia Hacked AGAIN!? 12/14/07


dc277
12-14-2007, 10:30 PM
Lodithia (http://lodithia.com) ~ Please read the index page. We have run into a huge problem. Somebody has completely cleared out our database.

emma
12-14-2007, 10:36 PM
Viral told me she takes at least 2 backups a day, so hopefully this will fix up.

I really don't understand why idiots like destroying sites that a lot of people enjoy. Whoever the hacker was, go find a job, ride a bike, do something productive instead of making people's lives harder. o.O

dc277
12-14-2007, 10:38 PM
Well if we gained any new members since the last back-up they will have to reregister.

The hacker COULD be the person who put the cookie grabber in the News, since I guess only the FTP password was changed, not the MySQL password.

sinthuxgx
12-14-2007, 10:44 PM
That's pretty genius to have the 'hacker' who went ballistic on the site still have the password to the database.

dc277
12-14-2007, 10:47 PM
Well, the only person to change the password to the database is Jared, since you need to edit the PMA config file. Lodithia doesn't have access to it.

Andrew
12-14-2007, 10:54 PM
Ack. I need to get back active on the site to help stop this from happening again...

stuffradio
12-14-2007, 11:09 PM
That totally sucks... good luck Lodithia!

OwlManAtt
12-14-2007, 11:33 PM
Or there could have been a SQL injection vector that somebody found.

dc277
12-14-2007, 11:42 PM
Yeah, that's what I personally think. But I'm not 100% positive.

Viral
12-15-2007, 12:04 AM
Yeah I have the backups, don't worry :)
I'm also going to do some sleuthing and find out who cleared the database. Then we'll proceed from there.

dc277
12-15-2007, 12:14 AM
How will we figure out who did it? Is there even a way?

Viral
12-15-2007, 12:17 AM
Look at records for query executions. :) Find the IP address, IPWhois the IP address, and go from there.

DB restored, btw.

stuffradio
12-15-2007, 12:50 AM
They probably did like.. what's your username?

Robert'); DROP TABLE users; --

Google that, there is a funny comic strip about sql injection :P

cpvr
12-15-2007, 01:44 AM
How will we figure out who did it? Is there even a way?
Logs are your best friend.
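
The log review suggested in the posts above, as an added example that is not part of any post in this thread: a small Python triage script that URL-decodes request lines from a web server access log and groups requests with SQL injection markers by source IP. It assumes access logs in combined log format are available; the log lines, page names and IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines; IPs come from documentation ranges, paths are hypothetical.
SAMPLE_LOG = """\
198.51.100.7 - - [14/Dec/2007:22:01:10 -0500] "GET /news.php?id=12 HTTP/1.1" 200 5120
203.0.113.45 - - [14/Dec/2007:22:05:33 -0500] "GET /profile.php?user=Robert%27%29%3B+DROP+TABLE+users%3B+-- HTTP/1.1" 200 312
198.51.100.7 - - [14/Dec/2007:22:06:02 -0500] "GET /forum.php?topic=drop+rates HTTP/1.1" 200 2048
203.0.113.45 - - [14/Dec/2007:22:06:40 -0500] "POST /login.php?next=%27+OR+1%3D1+--+ HTTP/1.1" 302 0
"""

# client IP, timestamp, method, request target
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')

# Heuristic markers, checked against the URL-decoded request target.
RULES = {
    "quote-terminator": re.compile(r"'\s*\)?\s*;"),
    "destructive-statement": re.compile(
        r"\b(?:drop|truncate)\s+table\b|\bdelete\s+from\b", re.I),
    "tautology": re.compile(r"'\s*or\s+\d+\s*=\s*\d+", re.I),
}

def find_suspects(log_text):
    """Return {ip: [(timestamp, decoded_target, [rule names]), ...]}."""
    suspects = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, stamp, _method, target = m.groups()
        decoded = unquote_plus(target)  # %27 -> ', + -> space
        matched = [name for name, rx in RULES.items() if rx.search(decoded)]
        if matched:
            suspects[ip].append((stamp, decoded, matched))
    return dict(suspects)

if __name__ == "__main__":
    for ip, events in find_suspects(SAMPLE_LOG).items():
        print(ip)
        for stamp, decoded, matched in events:
            print(f"  {stamp}  {decoded}  {matched}")
```

Access logs record only the request line, so input sent in a POST body will not show up here; that needs application-level or database query logging.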

Leon
12-15-2007, 04:32 AM
Good luck Viral... ^^
I'm a complete programming-illiterate, so this may sound foolhardy - and if impossible, disregard - wouldn't it be possible to implement something so you can see their IP on the last-login? o-O; That way, you just have to match the IP to the user and wa-bam. xD
I know on my Runic's cPanel it has the last login's IP, but... :)
Well, good luck =)

dc277
12-15-2007, 09:32 AM
The problem is that we don't have cPanel. We only have access to FTP and PMA.

EatRamen
12-15-2007, 09:51 AM
The problem is that we don't have cPanel. We only have access to FTP and PMA.

I didn't know that you needed to have cPanel to get IP addresses or to log things.
I do both all the time without it.