Facebook
Google
GitHub
Linkedin
RedemptionAD
- Joined Jul 10, 2006
- 1
Hi, I'm the owner of the boards that got hacked there that JoeJester quoted from. Some members sent me some e-mails and messaged me at my clan boards there too, then I followed some googleness and ended up here. 
I understand this topic is a little old now but I would like to share the information on how I fixed the whitehat attack. For future reference, you might want to pin a quote to what I'm about to say here in the forums somewhere...because I could not find any information about how to fix the attack so I had to go at it myself. Then after toying around for about half an hour I found it. - One thing I have not solved, is how to regain the search functions without leaving the security hole open.
SILVER HAT HACKER: The Recovery
First of all, delete the Search.php for your boards, it is fairly easy to locate. You also need access to a PHPMyAdmin for your forum's MySQL database.
1.) Open PHPMyAdmin and log in. Go to the database that your Invision Board is installed to. You'll see the list of tables there, click "Browse" on "IBF_Members". You should now see a list of all the members registered at your forums. First of all, locate Silvery Hat Hacker's username and delete it.
2.) After you have deleted his account, find your's and click the EDIT button. You'll see a huge list under 'Field'. Find the one named "mgroup" (Member Group Value) - You'll see the little field just to the right of it with a number in it. When Silvery Hat hacked my boards I noticed that he had placed my account in the banned members and the rest of my administrators in the Validating group.
3.) Go view your profile on your boards and change the number in the PHPMyAdmin's mgroup value until. Keep refreshing your profile and changing the mgroup value until it says you're back in the Administrator member group.
4.) Save and you'll be done with that. Last step is to log into your AdminCP from your boards and set all your admin's member groups to their rightful place. (Silver Hat changes ALL of them, even if you've got like 50 some-odd admins he'll change every single one to banned or validating). Close that, you're done with that part now.
SILVER HAT HACKER: Damn Ugly Banner Removal
This part is going to explain how to remove the skin banner. Very simple process.
1.) Log into your AdminCP and go to this:
Skins & Templates > Skin Manager > (Whatever your skin is he hacked) > Edit Root Skin Header & Footer Wrapper.
I think it's more than obvious what you have to remove here, he puts it in the same place everytime. If anyone has any questions about anything else to do with this matter. You can e-mail me at Malachi[AT]audiodragon.net
As far as I'm concerned with this hacker, he needs to grab a new hobby. *Shrug*
-Malachi Smith
(Aka. RedemptionAD)
I understand this topic is a little old now but I would like to share the information on how I fixed the whitehat attack. For future reference, you might want to pin a quote to what I'm about to say here in the forums somewhere...because I could not find any information about how to fix the attack so I had to go at it myself. Then after toying around for about half an hour I found it. - One thing I have not solved, is how to regain the search functions without leaving the security hole open.SILVER HAT HACKER: The Recovery
First of all, delete the Search.php for your boards, it is fairly easy to locate. You also need access to a PHPMyAdmin for your forum's MySQL database.
1.) Open PHPMyAdmin and log in. Go to the database that your Invision Board is installed to. You'll see the list of tables there, click "Browse" on "IBF_Members". You should now see a list of all the members registered at your forums. First of all, locate Silvery Hat Hacker's username and delete it.
2.) After you have deleted his account, find your's and click the EDIT button. You'll see a huge list under 'Field'. Find the one named "mgroup" (Member Group Value) - You'll see the little field just to the right of it with a number in it. When Silvery Hat hacked my boards I noticed that he had placed my account in the banned members and the rest of my administrators in the Validating group.
3.) Go view your profile on your boards and change the number in the PHPMyAdmin's mgroup value until. Keep refreshing your profile and changing the mgroup value until it says you're back in the Administrator member group.
4.) Save and you'll be done with that. Last step is to log into your AdminCP from your boards and set all your admin's member groups to their rightful place. (Silver Hat changes ALL of them, even if you've got like 50 some-odd admins he'll change every single one to banned or validating). Close that, you're done with that part now.
SILVER HAT HACKER: Damn Ugly Banner Removal
This part is going to explain how to remove the skin banner. Very simple process.
1.) Log into your AdminCP and go to this:
Skins & Templates > Skin Manager > (Whatever your skin is he hacked) > Edit Root Skin Header & Footer Wrapper.
I think it's more than obvious what you have to remove here, he puts it in the same place everytime. If anyone has any questions about anything else to do with this matter. You can e-mail me at Malachi[AT]audiodragon.net
As far as I'm concerned with this hacker, he needs to grab a new hobby. *Shrug*
-Malachi Smith
(Aka. RedemptionAD)
