Topic: hacked - help me get back
onlinetv
Freshman
Posts: 39

Posted:
1.Feb 2006 - 17:13

yeah
http://www.911eyewitness.com/truth

Yeah, we debunked the government and they crippled the site. Now I have to rebuild. Please help?

I have several database backups. The problem is that the stupid service will not let me just make the old one empty and put the good data back in. I can't figure out why. In mysqladmin you can clear all the fields after an install (I even went and reinitialized all the stuff beforehand), cleared the database of everything, and then try to suck the structure/data back into it and it just does not go in? Errors.

So I tried to get another account on another server. Built out another PostNuke, tried to get the data in, no good, it says data is wrong (but the SQL is older on the newer guys, so there you go).

So, how do you fresh install and then put the whole datastructure/data back into a site? I am at a loss?

Is there a way to just take the new structure and input each of the pieces of data by hand, then do it? I just don't want to lose all the data, it is in there, and I want it online. PLEASE HELP!

--
OnlineTV |MusicTV |MovieTV
ainigma32
Professional
Posts: 958

Posted:
1.Feb 2006 - 17:50

First of all, if you got hacked you need to get rid of all the files you had on the server. So get rid of them and place new ones (possibly from backup). Next change all your passwords.

A few questions: How did you try to read the dump back into the DB? What version MySQL are you running? And what version PN?

Of course you could just install a fresh new site and copy the data by hand but I would use that only as a last resort.
onlinetv
Freshman
Posts: 39

Posted:
1.Feb 2006 - 18:05

post nuk 0761 comes from mysql 4.1.12 (I have another site with 4.1.14) if those are the numbers from the data dumps.

I don't know what to do at all with the 911eyewitness. The other sites of mine they crapped they were on better servers and they could only get to the hosts dns to block out all the services (so the host got screwed ) but my sites did not come up - and only the dns for my sites on that dnserver for my host. Then on a completely other host (cause it is the production company for the video I did) hosts the 911eyewitness.com/truth site and they went in through the forum and disabled the site somehow. I have old backups and ones from after the hack. I have only data/structure backups from SQL, and theme backups etc.

So, I guess you are saying delete the whole directory, rebuild it from scratch with all new installs, patches, redo it. So that I actually did. Now I can't get the backup.sql to go back into the new setup.

I also could not get the dump to go into a 4.1.14 installation and I think the database is screwed. So, how can I place the data in by hand? There was so much stuff in that database that was sort of important to the people that think the USA is becoming a police state. So, it has a lot of enemies. It is really horrifying.

Thanks I am working on it. What next?

--
OnlineTV |MusicTV |MovieTV
onlinetv
Freshman
Posts: 39

Posted:
1.Feb 2006 - 18:58

I am building a brand new site, on a new URL, with a new database. I am just not remembering how to put the data back into a fresh install from an old site? I think I have only upgraded.

Well, any suggestion?

--
OnlineTV |MusicTV |MovieTV
ainigma32
Professional
Posts: 958

Posted:
1.Feb 2006 - 19:05

Ok what data would you like to restore? If you take a look at backup.sql (should be a plain text file) you will see entries like this:

Code

--
-- Table structure for table `pn_stories`
--

CREATE TABLE `pn_stories` (
  `pn_sid` int(11) NOT NULL auto_increment,
  `pn_catid` int(11) NOT NULL default '0',
  `pn_aid` varchar(30) NOT NULL default '',
  `pn_title` varchar(255) default NULL,
  `pn_time` datetime default NULL,
  `pn_hometext` text,
  `pn_bodytext` text NOT NULL,
  `pn_comments` int(11) default '0',
  `pn_counter` mediumint(8) unsigned default NULL,
  `pn_topic` tinyint(4) NOT NULL default '1',
  `pn_informant` varchar(20) NOT NULL default '',
  `pn_notes` text NOT NULL,
  `pn_ihome` tinyint(1) NOT NULL default '0',
  `pn_themeoverride` varchar(30) NOT NULL default '',
  `pn_language` varchar(30) NOT NULL default '',
  `pn_withcomm` tinyint(1) NOT NULL default '0',
  `pn_format_type` tinyint(1) unsigned NOT NULL default '0',
  PRIMARY KEY  (`pn_sid`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Dumping data for table `pn_stories`
--

INSERT INTO `pn_stories` VALUES
(1,0,'2','Test story','2005-12-14 14:38:51','Just a test story to see how it looks','bla bla bla bla ',0,2,1,'Admin','',0,'','',1,0),
(2,0,'2','Another story','2005-12-15 00:04:12','And this time we add some more text .<br />\r\nBla.','bla.',0,21,1,'Admin','Some notes.',0,'','',1,0),
(3,0,'2','Linux as a topic','2005-12-15 00:15:56','See if the topic image is ok this way. Bla bla.','Bla bla .',0,41,2,'Admin','Bla.',0,'','',1,0);


If you have setup the site from scratch and you have a clean DB and you want to restore the news items you can just execute the insert statement from backup.sql and the stories should be back.

The one thing you should be careful of is dependent tables. In the case of News stories I would recommend restoring the Topics and User table as well.

HTH
onlinetv
Freshman
Posts: 39

Posted:
1.Feb 2006 - 21:32

OK, this is strange for me. I did that manual thing. Sometimes doing 1900 instructions at a time. I got the feel of the "create table" and then put in the data. So, I just did the whole data dump in pieces and it went in. I have not tested it yet because I have to wait for the IP numbers to settle on the new site (I took your advice further than you gave and got a new domain and IP and host and software and database etc). In the end I will clean the other and have a backup ready at any time for the next round of attacks (they will only get worse).

OK, so when the IP comes back I will have all the same modules loaded and clean. Now do I go through installs on them? Let them Create a database, blank it out, and input the data (or the whole dump from the other one) or just go through the inserts by hand?

It's stories and the forum (PNphpBB2) that are important. I have the themes and graphics, they can always go in.

Can't I just tar gzip a whole site take the database and put it anywhere? Do I need to install? (I know I do this time but normally)?

--
OnlineTV |MusicTV |MovieTV
onlinetv
Freshman
Posts: 39

Posted:
1.Feb 2006 - 22:10

I think the thing I am having most problem would be the access to the database in config.php as it encrypts the data. So I need somehow to let that happen so that the site can access the database? Would I do that by installing first, then deleting the records and restoring the backup?

--
OnlineTV |MusicTV |MovieTV
Topiatic
Professional
Posts: 1680

Posted:
1.Feb 2006 - 22:29

Compress site and dump data with maybe a tweak to config.php is all I've ever needed... and I do it regularly as a backup from unix to windows (linux - win32) and MySQL3 - 4.

Ok this may seem obvious but you never stated what the errors you got were, so just to get rid of the obviously not mentioned yet, did you perhaps dump it to create the DB and maybe getting errors because you're trying to insert into an existing DB? Also you mentioned upgrading somewhere above... the dump has to go back into the same version/backup of PN that it came from.

Sorry if I'm covering what is obvious to you, but I've seen that kind of thing around here before.

--
Under Construction!
onlinetv
Freshman
Posts: 39

Posted:
1.Feb 2006 - 23:16

No, no problem, I am doing a lot of things, trying everything, so it is easy to get confused, happy you are keeping up and helping.

I am making 2 new sites (they are this site in 2 places) One will always be up. So, I have to be able to keep good backups so that when one gets hacked, I can get the other up as fast as possible, clean the other and get it ready to take over when they hack it again (I just will not believe they will not get me again). So. I have just made a fresh site. I installed (like fresh) all the same packages, but no data yet (except what was original). So I should be able to go through each section and just use the inserts (without the creates) and get a perfect site now????...???

Then I will export it both as a data/schema and data alone for backups. And suck that into the other site when I get that ready.

I got time out errors uploading the 1.8meg file, but in parts it would work. I did not understand it, but ONLY with this database from a certain hosting service. All the other ones I use the files just go in fine and there is only the tweaking for the access.

Is there some trick to get the config.php so that it can move with different passwords and database names as I change servers? I only have one server lets me assign names and that makes it hard.

What I am wondering is why I can't tar/gzip the site. Copy it elsewhere. export the data, make same name pass etc database on another server and suck that data in and use it? Will it connect? I tried that and it could not connect to the database. different /usr/lib function or something.

Mainly I think the SQL on this old server these people picked just is miserable and somehow no one else likes those files. I have had no problems with 2 other providers I use in moving these databases around. What I have not been able to do is get them to work by tar/gzip moving and uploading the databases - it is that final name tweaking and getting the encrypted part into the config

--
OnlineTV |MusicTV |MovieTV
Topiatic
Professional
Posts: 1680

Posted:
1.Feb 2006 - 23:56

Quote

So. I have just made a fresh site. I installed (like fresh) all the same packages, but no data yet (except what was original). So I should be able to go through each section and just use the inserts (without the creates) and get a perfect site now????...???


Almost... for the core stuff yes, but for any third party mods their tables haven't been created yet so you'll want to create those as you go along (ya I know that will seem obvious when you run into it)

As for the config file I believe you can put dbpass and uname in plain text if you set encoded to 0. I'm not positive, but I believe PSAK will encrypt it for you once it works.

Hope that helps

--
Under Construction!
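
The selective restore discussed in the replies above (run only the INSERT statements for the tables you want against a freshly installed schema, without the CREATEs, in pieces small enough to upload), as an added example that is not part of any post in the thread. The sample dump is constructed, and the function names and the table names other than `pn_stories` are assumptions.

```python
import re

# Constructed sample shaped like the backup.sql excerpt in the thread (not real site data).
SAMPLE = r"""-- Table structure for table `pn_stories`
CREATE TABLE `pn_stories` (`pn_sid` int(11) NOT NULL auto_increment, PRIMARY KEY (`pn_sid`));
INSERT INTO `pn_stories` VALUES
(1,'Test; story','it\'s a test'),
(2,'Another story','And more text.<br />\r\nBla.');
INSERT INTO `pn_topics` VALUES (1,'Linux');
INSERT INTO `pn_other` VALUES (1,'not wanted');
"""

TOKEN = re.compile(r"""
    (?P<str> '(?:\\.|[^'\\])*' | "(?:\\.|[^"\\])*" | `[^`]*` )  # quoted string or identifier
  | (?P<com> ^--[^\n]* )                                        # '--' comment line
  | (?P<end> ; )                                                # statement terminator
  | (?P<txt> [^'"`;\n-]+ | . )                                  # anything else
""", re.M | re.S | re.X)

def split_statements(sql):
    """Split a dump on ';' outside quotes, dropping '--' comment lines."""
    out, buf = [], []
    for m in TOKEN.finditer(sql):
        if m.lastgroup == "end":
            out.append("".join(buf).strip() + ";"); buf = []
        elif m.lastgroup != "com":
            buf.append(m.group())
    return out

def select_inserts(sql, tables):
    """INSERT statements for the listed tables only (no CREATE), in the order listed."""
    by_table = {}
    for stmt in split_statements(sql):
        m = re.match(r"INSERT\s+INTO\s+`?(\w+)`?", stmt, re.I)
        if m:
            by_table.setdefault(m.group(1), []).append(stmt)
    return [s for t in tables for s in by_table.get(t, [])]

def chunk(statements, max_len):
    """Group whole statements into pieces of at most max_len characters (an oversized one stays alone)."""
    chunks, cur = [], []
    for s in statements:
        if cur and sum(len(x) + 1 for x in cur) + len(s) > max_len:
            chunks.append("\n".join(cur)); cur = []
        cur.append(s)
    return chunks + (["\n".join(cur)] if cur else [])
```

Listing the dependent tables first, e.g. `select_inserts(dump, ["pn_topics", "pn_stories"])`, keeps the output in the order it should be loaded.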