Author Topic: Retrieve data from hacked forum  (Read 2373 times)

Offline G1ZmO

  • Semi-Newbie
  • *
  • Posts: 17
Retrieve data from hacked forum
« on: June 25, 2011, 11:25:05 AM »
Dear all,

My web-host let me know that my forum had been hacked and reset my account losing 6 years of our forum (SMF 1.1.14). I do have a backup of the forum from a few days before the account was reset but our host said it was a very bad idea to restore it.

What I have done is installed SMF 1.1.14 on my server at home and intended to restore the backup to there. However, most of the threads I've read say that I need to use phpMyAdmin to restore the backup. I don't have phpMyAdmin installed on my home server. Is there no way I can do a restore without installing this? Getting kinda out of my depth here tbh :)

I have recreated our forum at our host but used the SMF 2 version instead but our users were asking if there were certain posts and/or boards that we could have restored (even if it means copy/pasting the plain text back into the new forum to avoid the hacked code)

Could someone advise me please?

Thanks

Paul

Offline Illori

  • Project Manager
  • SMF Legend
  • *
  • Posts: 51,286
Re: Retrieve data from hacked forum
« Reply #1 on: June 25, 2011, 12:41:14 PM »
what type of backup do you currently have? it is usually easier to restore a database backup with phpmyadmin than trying to use the command line if you are not used to using it.

Offline G1ZmO

Re: Retrieve data from hacked forum
« Reply #2 on: June 25, 2011, 01:59:13 PM »
I'm pretty sure the last SMF backup was tables and structure

It extracts to a 6meg xxxxxxxxx_smf1-complete_2011-06-17.sql file

Offline Illori

Re: Retrieve data from hacked forum
« Reply #3 on: June 25, 2011, 02:21:13 PM »
if you use clean files and reconnect to that database there should be no risk at all. if you use the existing files and connect to the existing database it may cause issues.

Offline G1ZmO

Re: Retrieve data from hacked forum
« Reply #4 on: June 25, 2011, 02:35:01 PM »
I don't intend to restore the backup to the new hosted forum (ver 2)

Just want to restore the backup to a local server at home to retrieve some of the posts

Am I better to install phpmyadmin to do that locally?

Thx

Paul

Offline Illori

Re: Retrieve data from hacked forum
« Reply #5 on: June 25, 2011, 03:25:02 PM »
yes it would be easier to install phpmyadmin

Offline Yazan Asied

  • Semi-Newbie
  • *
  • Posts: 15
  • Gender: Male
Re: Retrieve data from hacked forum
« Reply #6 on: June 25, 2011, 06:45:28 PM »
Try this local server
http://www.wampserver.com/
it is very simple and easy to adjust

Online Antechinus

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 24,760
  • Master of BBC Abuse
Re: Retrieve data from hacked forum
« Reply #7 on: June 25, 2011, 07:39:36 PM »
Quote from: G1ZmO
"I don't intend to restore the backup to the new hosted forum (ver 2)

Just want to restore the backup to a local server at home to retrieve some of the posts"

Frankly it would be easier to just restore the database.

Offline G1ZmO

Re: Retrieve data from hacked forum
« Reply #8 on: June 26, 2011, 04:31:27 AM »
That was my original plan but my host support advised against it as they said there was a lot of code injected into the forum and that would also be present in the backup file thus reinfecting the forum if it was restored.

How likely would that be do you think?

Offline Illori

Re: Retrieve data from hacked forum
« Reply #9 on: June 26, 2011, 06:14:48 AM »
if your backup of the database was from before the attack and you use fresh files there should be no issues.

Offline G1ZmO

Re: Retrieve data from hacked forum
« Reply #10 on: June 26, 2011, 08:59:31 AM »
No I'm afraid not.

My host said that it looked like it had been hacked some time ago

Quote from hoster "Yes, your account has been frequently trying to hack into our server. We caught it running a shell script on Monday night which attempted to take control of the server. This is a very serious matter.
I've looked into your account and it would appear that your SMF forum was hacked at some point in 2009 and the hacker injected a lot of code into your database."


Odd that it took the hoster 2 years to realise there was a problem. The forum users didn't have any functionality issues.

So, I really don't want to risk restoring the backup to the hosted account. I'll try to do it locally and save some of the more important posts.

Will try phpMyAdmin

Offline Illori

Re: Retrieve data from hacked forum
« Reply #11 on: June 26, 2011, 09:00:51 AM »
most likely they only got your files, you can check your database backup. i would also suggest you look for a better host that does not as easily allow hacking.
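
Checking the database backup for injected code, as suggested in the last reply, can be done on the .sql file itself before anything is imported. The sketch below is an added example, not part of the original thread and not SMF tooling; the marker list and the table names and rows in the constructed sample are assumptions.

```python
import re
from collections import Counter

# Heuristic markers of injected code (an assumed starting list, not a
# complete signature set). A hit means "review this row", not "malicious".
MARKERS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "iframe_tag": re.compile(r"<\s*iframe\b", re.I),
    "php_open": re.compile(r"<\?php", re.I),
    "eval_call": re.compile(r"\beval\s*\(", re.I),
    "base64_decode": re.compile(r"\bbase64_decode\s*\(", re.I),
}
INSERT_RE = re.compile(r"^\s*INSERT\s+INTO\s+`?([\w.]+)`?", re.I)

# Constructed sample dump lines; table names and rows are illustrative only.
SAMPLE_DUMP = """\
-- constructed sample, not taken from the backup discussed in the thread
INSERT INTO `smf_messages` VALUES (1, 'Welcome to the club forum!');
INSERT INTO `smf_messages` VALUES (2, 'Notes <iframe src="http://placeholder.invalid/x"></iframe>');
INSERT INTO `smf_settings` VALUES ('news', '<script>document.write(1)</script>');
INSERT INTO `smf_themes` VALUES (1, 'footer', '<?php eval(base64_decode("...")); ?>');
""".splitlines()


def scan_dump(lines):
    """Return (line_no, table, marker_names) for every line with a marker hit."""
    findings, table = [], "?"
    for no, line in enumerate(lines, 1):
        m = INSERT_RE.match(line)
        if m:
            table = m.group(1)  # continuation lines belong to the last INSERT
        hits = sorted(name for name, rx in MARKERS.items() if rx.search(line))
        if hits:
            findings.append((no, table, hits))
    return findings


def summarize(findings):
    """Count flagged lines per table, to show where to look first."""
    return Counter(table for _, table, _ in findings)


if __name__ == "__main__":
    results = scan_dump(SAMPLE_DUMP)
    for no, table, hits in results:
        print(f"line {no}: {table}: {', '.join(hits)}")
    print(dict(summarize(results)))
```

For a real dump, pass an open file instead of the sample, e.g. `scan_dump(open(path, errors="replace"))`. If the dump was written with extended inserts, one flagged line can hold many rows, so the per-table count is a guide to where to look rather than a row count.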