Forum Hacked, locked out and no response? FAO LIMEZ!

[Darren69]

Our forum on p2.forumforfree.com was hacked months ago and we, the admins were locked out by having our passwords changed.
We have mailed and mailed the support team at www.forumforfree.com but to date have had no reply.
We were last able to access our forum in late 2006.

What do we need to do to have our password/admin account reactivated?
We've offered to pay for the service if necessary?

Regards,

Daz

:edit: Limez, I have the original email sent to us when we registered in July 2005.
Please, can you help us get our forum back?

[Darren69]

I can't PM anyone for some reason. I can see admins/support team are online though?
I've sent an email message to Randoman however.
I'd be very grateful for some assistance lads, please.

[squadcar56]

If you never had a FAP account, there is no way you'll be getting your forum back.

Sorry.

[Darren69]

And what is a FAP account???
And why can't this be done? The forum is still in place on an SQL database somewhere - all it takes is an administrator to reinstate a password to a given account?

[Attitude]

PM's are disabled for new users to prevent abuse. Please do NOT, ever, e-mail other members and staff members for support in the future as Randoman is not on the support team.


I am sorry, but there currently isn't anything we can do to get your Forum back. I can try (key word is try) to contact Limez to have your forum restored. However, there are absolutely no guarantees.

Before I do that, I want to ask you a few questions: Have you tried to use the forgotten password recovery tool? Also, what was the link to your forum?

[Darren69]

Quote:

Originally Posted by Attitude

PM's are disabled for new users to prevent abuse. Please do NOT, ever, e-mail other members and staff members for support in the future as Randoman is not on the support team.


I am sorry, but there currently isn't anything we can do to get your Forum back. I can try (key word is try) to contact Limez to have your forum restored. However, there are absolutely no guarantees.

Before I do that, I want to ask you a few questions: Have you tried to use the forgotten password recovery tool? Also, what was the link to your forum?

Hi there and thanks for the reply.
I mailed Randoman as his sig suggested he could be contacted for help. My apologies if that was inappropriate.
Yes, tried the forgotten password process, but as the hacker has effectively closed the board, this isn't possible to recover - for all we know, he's changed the email addresses used for password recovery notification too.
I do have the original activation email here to prove we are the owners, however.
I'm more than happy to divulge that to you if it will help.

Link to forum is http://p2.forumforfree.com/littlemantate.html

Many thanks for your help, it is much appreciated.
Please feel free to ask any questions. I trust you have access to my email address within the admin control panel.
As suggested previously, we are more than happy to pay for the service if this is necessary.

[Darren69]

Any luck guys?
Really hoping I can re-open our forum with your help.

[Darren69]

A respectful bump?

[Darren69]

Hi,

It's been 9 days now - can I at least have a reply?
You said you wanted to ask me a few questions?

[Attitude]

I am sorry, but there isn't anything we can do to retrieve your forum.

[Darren69]

Hi - thanks for the reply.

It doesn't need retrieving - it's still there.

Someone has just guessed a password, locked us out and shut the board.
We simply need our administrator password reset to one that we know so we can turn the board back on.
I fail to see how difficult this can be for a System Administrator with first level access.
I run MySQL servers for PHPBB and vBulletin and I know how simple this is.
There's a sticky somewhere that says Forumer has taken over FFF? Yes?
So I can't believe this isn't possible for someone with 3 minutes to spare and access to the database tables.

Again - we're happy to pay for your time.

[Darren69]

^bump

[Darren69]

OK, I get the message. Way to go guys.

Can you please delete the whole resource then, I know for certain this is well within your boundaries.
Simply choose the appropriate database and drop the tables.

[Attitude]

Well, I am sorry. There's nothing we can do to restore your admin account.

It is not Forumer.com's responsibility to make sure every board is secure - that is the administrators responsibility (IE: Trust worthy administrators, strong passwords). Although, we do have very strong security on the servers and if a server gets hacked into, we will restore everything. But unfortunately, if a single board gets hacked into, we cannot revive it.

I am sorry.

[Darren69]

Hi again.


No, as I said, we had someone who must have used either some exploit on the PHPBB version that FFF had at the time, or simply used a brute force password hack. Database security (it's my job believe it or not!!) is one thing, but with a free PHPBB (and no access to config.php) there is no option to make an administrator unalterable like you would with a vBulletin install. Someone already knows who the admin are so that's one half done - the username.
From what I am led to believe, this person gained access to the adminCP and then changed the admin's email address to his own then locked the board down.

So essentially what we have now is a forum we want to use, which is on your servers, and is literally redundant, taking up (admittedly very little) disk space.
It seems a nonsense to me.
One man has access to several hundred users private information, email addresses, websites, and with the right mod installed, private messages.
This is obviously a security breach in terms of the UK data protection act of 1998.
I appreciate the PHPBB admin's password is encrypted on the database in MD5 hash and is virtually unrecoverable - but there's a very easy workaround.

Please, please consider locating our database on your server, opening the 'username' field which is within `phpbb_users`, finding the admin account (usually user id1 or 2 but I can give you the usernames of all our admins!) and using THIS site, create a new MD5 hash string from a password of your choosing, enter it into the database and let us have it so we can regain control of our board.

It really is that simple - only hardship is your time, of which I'm sure is precious like anyone's, hence I would love to pay you for it.
I know it's "only a forum" and not a life or death situation! But we're absolutely shattered by the loss. It means so much to us. As a forum admin I'm sure you can relate to the scale of that.

Help us out man, it's easy. We've been robbed, you've had an illegal security breach.
10 mins work to put it right. I've just tried it on one of my boards - it works perfect every time.