Bad Situation~ Need Advice!

Fait

You Can See The Mood I'm In (On My Profile)

Ok, before you say/think why AdminTalk is offline, please let me explain everything. Please also note that this was beyond my control.

First, a user registered who will remain unnamed. The next time I looked at the site he had 53 messages, so I went and looked at them. Most of them were quality, but a few days later I got some graphic pictures sent to my inbox and some weird spam posts on the forums.


As staff/founder you want everything to be moderated successfully, so I warned him, but he kept continuing, so I banned him for a while. 6 hours after this, a user called Nathan registered asking for staff, so I gave him a chance. After promoting him, he offered to buy IPB. At first I thought it was some scam; I took backups of the board and gave him a chance to install the IPB software. 3 days after this he deleted the IPB and sent me a message stating *

I deleted my IPB and vB installations, this includes your forum's database*
good luck and goodbye spudster*

*Unnamed emailed you on Gmail that he was hacked, you don't even bother fixing that out? Well, don't care about him, you can sort him, anyway I'm off
(He was only registered for 2 days, can't be possible)
He also mentioned someone's postioning and hacking his DNS


Let Me Know What You Would Do In This Situation

Thanks 🙂
 
There is little to no punctuation here, let alone proper punctuation, so it is very hard to read what you wrote. Care to sum it up or correct it?
 
A user called Nathan registered asking for staff, so I gave him a chance after promoting him.

That's exactly your problem. When some random person registers and asks to be staff in your Forum, why would you make him staff?

I have said it many times, but will repeat it another time.

"A person who has the qualities to manage a Forum will never beg someone for a Staff position. If someone registers on your Forum and asks to become staff, either he is a scammer, or he is a newbie and going to use your Forum as a testing board."

Since you have a backup, I would advise you to install a fresh copy of MyBB, import the database backup you have and put your Forum online. And change your cPanel and Forum login details.
Before you do this, remove any files that are on your hosting server, as he may have left some backdoors.
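
Added example, not part of the original post: one way to check a restored web root against a freshly unpacked clean copy of the forum software, so leftover or altered files (possible backdoors) stand out before the site goes back online. The function names, script name and directory arguments are assumptions made for illustration.

```python
import hashlib
import os
import sys


def manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    # os.walk does not descend into symlinked directories by default.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(full, root)] = h.hexdigest()
    return digests


def compare(clean_root, deployed_root):
    """Return files that are unexpected, modified or missing in deployed_root."""
    clean, deployed = manifest(clean_root), manifest(deployed_root)
    return {
        # Present on the server but not shipped in the clean release:
        # legitimate uploads land here too, so review each entry by hand.
        "unexpected": sorted(set(deployed) - set(clean)),
        # Same path, different content: a core file that was edited.
        "modified": sorted(p for p in clean.keys() & deployed.keys()
                           if clean[p] != deployed[p]),
        # Shipped in the release but absent on the server.
        "missing": sorted(set(clean) - set(deployed)),
    }


if __name__ == "__main__":
    # Hypothetical usage: python webroot_diff.py CLEAN_DIR DEPLOYED_DIR
    if len(sys.argv) != 3:
        sys.exit("usage: webroot_diff.py CLEAN_DIR DEPLOYED_DIR")
    report = compare(sys.argv[1], sys.argv[2])
    for kind, paths in report.items():
        for path in paths:
            print(f"{kind}\t{path}")
    # Non-zero exit when anything needs review before going live.
    sys.exit(1 if report["unexpected"] or report["modified"] else 0)
```

Configuration files written by the installer will show up as unexpected or modified; read those line by line rather than trusting them because they are expected to differ.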
 
Change your passwords too, just for protection.

I don't give anyone I haven't known for a while any decent permissions on my forum moderation wise. Meeting someone and trusting them was a bit stupid 😛 Got his IP?
 
Look, I don't see how this is anyone's fault but your own.
 
Yeah, I have backups 😀 I'm going to use an older one for security reasons

Anyway, Managed to get everything Back Online

http://admintalk.net (Moved Hosts, May take 24 hours to change dns servers)
 
Spudster said:
Yeah, I have backups 😀 I'm going to use an older one for security reasons

Anyway, Managed to get everything Back Online

http://admintalk.net (Moved Hosts, May take 24 hours to change dns servers)

How are you using IPboard if he hasn't even bought you one?
 
Still Caching Over 😀

That's the other account he took over; luckily the database wasn't there.



Nameservers Still Updating.
 
This is why not to be gullible and let someone do a big job like that. Lesson of life: trust your cPanel with only you and possibly someone you have extreme trust in.
 
If it were me, I wouldn't have given a staff position to anyone just like that. And for the IPB thing, I always remember TANSTAAFL.
 
That's why you don't give staff positions to total strangers. Quite frankly, you got played.
 
When you run a site, you are in possession of a lot of user information. This includes usernames, passwords (usually hashed) and emails. Users expect you to protect that information when they sign up. Giving out rights like you did is asking for trouble and gives them the opportunity to steal the user information, which could be used maliciously. It also allows them to add malicious code to your site in order to steal/log username/password combinations, which could be used to target other sites that member is part of or their own site. You making a silly decision and trusting someone you shouldn't could have damaging effects on not only your site but other users' email accounts and sites they are part of if they use the same password for more than 1 site/forum.

A few tips...

Never give someone you don't know access to cPanel, your forum's ACP or FTP access. Pick your staff from active members on your forum and don't give them important permissions immediately. Don't give users more permissions than they need. If someone asks you for a staff position, be wary. If someone offers you a free IPB license (especially a new user), be very wary. Usually they have no license and either will give you a nulled script (probably with malicious code in it) or it is a way to damage your site or steal user information. If someone does offer you a license, install it yourself (after verifying it is a legit license). If they won't give it to you and say they have to install it, end discussions with the user. Sign that they are intending to do something malicious.

If a user does something to make you suspicious of them, don't make them staff or give them any access to cPanel, your forum's ACP or FTP access. The forum being destroyed can be undone and sorted. Getting back user information stolen can't be undone and backups can't get that information back out of the wrong hands. If your first thought about something is that it is dodgy, then be very wary or, even better, back off from discussing with the user.

If I was a user of your site, I would be absolutely furious with you and your failure to ensure the security of your forum and the users' information. The truth is you seem to not fully understand how to run a forum properly and this has been displayed in the many sites you run and your reputation around. If I were to give someone cPanel access here who asked for access and they stole every user's information, spammed all your emails, logged your password and took over your email account and accounts on other sites, would you be angry with me? Yes and quite rightly. I don't mean to be rude here but you really need to understand what it takes to run a forum properly. Take this as a kick up the backside to think properly when running sites. Do you need IPB to run your site? No. It might be better than MyBB in some ways but is it worth giving out your cPanel info, ruining your reputation and your forum's reputation and possibly facing issues if the license is nulled or been modified maliciously? Security should be your number one priority. It always should. A lot of people only seem to care about having the latest cool features/software or the best mods. Is it worth your site being hacked and user information being stolen? I have spent countless hours over the years working on keeping user information secure here. Nothing is 100% secure but security is my top priority and I am sure any staff member here past or present will know that. When the likes of Oliver and Tayne were running riot compromising sites and forums left and right, we ourselves were largely unaffected... Why? Because we were very careful and worked hard to monitor what they were up to, how they were doing it and trying to ensure the same wouldn't happen here. We were targeted and we would have been their biggest "achievement" if they did something here like deface the site, steal the database and user info etc. with the large size of the forum and the number of active users we have.

I have been here for so many years and I have seen so many forums get destroyed, accounts here compromised, PayPal, email, MSN, GoDaddy accounts etc. compromised. A lot of these come from someone's password being found out and that user using the same password on many sites. No matter how much you tell users, some will always use the same password for nearly everything. Seeing people just handing out their information and putting other people's accounts and information at risk does really annoy me, hence this long post. So many people have such a lax attitude to security and all that does is cause issues not only for yourself but for other people as well.
 
I see that you were looking for staff then, but if he just registers and asks immediately then you don't know what could happen if you set up maximum permissions for his user group, if someone asks for staff they are most likely going to mess everything up. If you use that extra database you had maybe you can recover some information you had lost, because I noticed most of the posts were lost. Up to this point, you just have to stick with what you have and let it continue from there if you want to convert to IPB. You have to switch to IPB before you can let anything else happen, mainly because you don't want to make the same mistake right now or on IPB. You shouldn't allow new staff to things like that, because they might just mess up your entire forum, making it impossible to turn back. Change all of your passwords to prevent being hacked in the near future.

Good luck!
 
Yeah, Lesson Learnt 😀

I'm talking with the host; they're saying that he's performing a DoS attack, which we are in the process of migrating.

My worst foruming mistake
 
This actually was in your control. You never allow a random person to be staff, especially if they randomly ask you. Make sure you at least know the person a little, send an application and then make further decisions.


All I can say now is to restore the databases. Just don't repeat the same mistake again.

Anyways, good luck retrieving your forum 😉
 