Skip to:
Content
Pages
Categories
Search
Top
Bottom

All member info and login gone!

Viewing 22 replies - 1 through 22 (of 22 total)

  • chrishajer
    Participant

    @chrishajer

    With a tool to look at the database, like phpMyAdmin, can you see if the table is still there?

    harrismarineblog.wp_lvtwfff_usermeta

    The lvtwff looks a little weird: did you really use wp_lvtwfff_ as your table prefix?


    brad_langdon
    Member

    @brad_langdon

    I dont even know what lvtwff means?

    How would I go about checking to see if the table is still there?


    brad_langdon
    Member

    @brad_langdon

    I just checked and the tables are still there.

    I have no idea what has gone wrong.


    John James Jacoby
    Keymaster

    @johnjamesjacoby

    Check your wp-config.php file, and search for “$table_prefix”

    I’ve got $5 that says you accidentally typed “ltvwff” next to it. :)


    chrishajer
    Participant

    @chrishajer

    So, this table exists: wp_lvtwfff_usermeta

    or this one: wp_usermeta

    ?

    bbPress is looking for wp_lvtwfff_usermeta, but if it’s really named wp_usermeta bbPress won’t find it and will give the error you showed.


    brad_langdon
    Member

    @brad_langdon

    Thanks for the help guys…

    Turns out the forum was looking for “wp_lvtwfff_usermeta” and the table was actually called “wp_lvtwff_usermeta” so there was an “f” missing.

    I don’t know why, I haven’t touched the site for months and nothing has been changed so why would it start looking for a different table? Or maybe the table name was changed somehow?

    Does anyone have any idea how or why this could happen?


    brad_langdon
    Member

    @brad_langdon

    Does it mean someone has actually changed the info or does it somehow change on it’s own???


    chrishajer
    Participant

    @chrishajer

    Computers don’t change files on their own, without direction.


    brad_langdon
    Member

    @brad_langdon

    So that means someone has been tampering with it then?

    It’s a bit late for it, but you could have checked the ‘last edited’ timestamp on that file.

    As is, check your bbPress (and WP if integrated) for any users with weird access levels. See if anything else is weird. Change your passwords, too.


    brad_langdon
    Member

    @brad_langdon

    There is only myself and the actual clients that have admin privelages.

    I changed my log in but was really hoping to find out what has happened here.

    Is there some kind of activity log in the phpmyadmin section that would show all activity over the last week or so?


    chrishajer
    Participant

    @chrishajer

    Do you think the config file was changed or the name of the table was changed? Or I guess the record where the table prefix is stored *in* the database?


    brad_langdon
    Member

    @brad_langdon

    That’s the thing, I have no idea which one was changed, all I got was the error and then I noticed that the table and the table that bbpress was looking for were named differently.

    I guess it is almost impossible to figure out what happened when I don’t know which was changed.

    I am guessing that if someone was tampering with it that it would be easier to tamper with the config file than the actual database?


    chrishajer
    Participant

    @chrishajer

    Do you have any database backups or filesystem backups, or even old copies, that you could compare to? Ipstenu is correct about changing passwords, since you can’t tell now what happened. Change the FTP password, SSH, database, .htaccess, SCP, control panel at the host, etc. Lots to change to be sure.


    brad_langdon
    Member

    @brad_langdon

    Dammit I overwrote my last backup with a back up that I did as soon as I fixed this problem a few days ago!

    I guess that will teach me a lesson…

    OK I will change all passwords but no one else knew them anyway so if someone was able to get into the system somehow won’t they be able to do it again?


    brad_langdon
    Member

    @brad_langdon

    Also thank you for your help Chris (again)

    OK I will change all passwords but no one else knew them anyway so if someone was able to get into the system somehow won’t they be able to do it again?

    Depends on how they got your password. Also, always use SFTP and SSH to edit your site. Cleartext passwords is bad.


    brad_langdon
    Member

    @brad_langdon

    You will have to excuse my ignorance but I have no idea what that means.

    I just use normal ftp to edit the site, I am guessing sftp is secure ftp but would that really matter as I am only uploading files with it…once they are live is when they get hacked is that not right?

    Clear text passwords?

    You mean on the database? I just use whatever default settings bbpress operates with.

    Sorry for all of the questions, I am investigating this on my own as well so I dont nag you guys too much.

    Also not sure what ssh is.


    chrishajer
    Participant

    @chrishajer

    Using plain text passwords means anyone listening on the conversion (running a network sniffer or packet capture tool) can read the password if they can intercept it. With FTP, your password is transmitted in the clear, so, all someone needs to do is grab that password, then they have full access to your files.

    SSH = secure shell. SFTP is secure FTP, and it uses SSH. SCP is a replacement for FTP, using SSH as well. Anything using SSH encrypts the password so that someone who intercepts the password can’t really do anything with it. Regarding clear text passwords for the database. Since the database connection details are stored in a text file (bb-config.php) anyone who can grab your FTP password and access your files will have access to the database. Once they can modify your files, they have the keys to the kingdom, so to speak.

    SSH: http://en.wikipedia.org/wiki/Secure_Shell

    SFTP: http://en.wikipedia.org/wiki/SSH_file_transfer_protocol

    SCP: http://en.wikipedia.org/wiki/Secure_copy

    FTP: http://en.wikipedia.org/wiki/FTP

    A lot of these require cooperation from your host. You can only use whatever they offer for connecting to the machine where your site is hosted. The lowest common denominator is FTP which is old and insecure. Much better is a host that offers SSH access and SCP/SFTP access to the files.

    I really doubt someone grabbed your password out of a packet and changed your database connection details or the table name. I think it’s probably a far less interesting mistake than that.

    I’m of the ‘better safe than sorry’ variety of nerd.

    By ‘changing your password’ I mean all of ’em.

    your ftp password

    your cpanel password (if they’re not the same)

    your email password (ditto)

    your SQL db password to that DB

    your WordPress/bbPress password

    anything else you use on this site

    Yeah, pain in the ass. But again, safer vs sorrier. This all could be one colossal typo of yours that you forgot, or what have you. But if you’re worried it was a hack, then you do what needs doing to stop it cold turkey.


    brad_langdon
    Member

    @brad_langdon

    Thanks guys for all that info, much appreciated.

    However I highly doubt it was a typo on my behalf as like I said I have not touched “anything” to do with this site in about 4 months and it has always worked fine so someone must have changed something and my client does have his enemies…petty yes but still very possible.

    You have three possible answers to who ‘someone’ was.

    1) You (unlikely)

    2) Your client (who figured out how to screw himself up – always a possibility)

    3) Someone else using unauthorized methods (be they hacks or using a computer you didn’t fully log off of)

    I think that’s pretty much it… Speaking as one who has served her time on Hell Desk, the simplest reason why is usually the right one.

Viewing 22 replies - 1 through 22 (of 22 total)
  • You must be logged in to reply to this topic.
Skip to toolbar