inherit
254600
0
May 3, 2018 20:38:19 GMT -8
dibbuns
9
April 2018
dibbuns
|
Post by dibbuns on Apr 24, 2018 14:43:13 GMT -8
Forum URL: dibbuns.proboards.com/Hi there! I’m posting on behalf of the admins at the Proboards forum Dibbuns Against Bedtime. dibbuns.proboards.com/ This is an urgent request, because our forum has been hacked and hijacked by an anonymous party, with malicious intent. He’s taken over the forum admin account and stripped all our staff of their administrator privileges. He’s threatening to shut down the forum within the next 8 hours, if he doesn’t hear the response he wants from the admins. We are requesting immediate help dealing with this matter, since none of us have any more administrator privileges on the forum or much technical experience. Is it possible to get the admin account of a forum revoked, and can we regain control of our forum? (Additionally, if the forum is deleted by this hacker, will proboards be able to assist us in recovering posts and forum setup from their database?) Thanks! We are operating on a 7 hour deadline and we would appreciate immediate help.
|
|
Kami
Forum Cat
Posts: 40,169
Mini-Profile Theme: Kami's Mini-Profile
#f35f71
156500
0
Offline
Jul 24, 2021 11:48:29 GMT -8
Kami
40,169
July 2010
kamiyakaoru
Kami's Mini-Profile
|
Post by Kami on Apr 24, 2018 14:47:47 GMT -8
I'll let the admins speak to what they can do right now, but here's the lowdown:
If they delete the forum in its entirety, the data will be recoverable.
However, any individually deleted data -- say they delete posts / boards / members, etc -- this qualifies as user-deleted content and that is not recoverable. Unfortunately, a malicious user is still a user.
My advice in the interrim is to make sure the admin of the forum -- they created the forum and have the user ID of 1 and the username admin post here (if it's not you). PB staff can only take action at the admin's request, as a general rule. I'm not sure what they'll do in this case but it's always good to have the forum creator post here.
The question is really how this person obtained access to the administrator account -- ProBoards has yet to be compromised in terms of security, so barring word otherwise from the admins it would suggest that they were able to either guess or somehow else obtain the password.
So, additionally, every staff member, especially the forum creator, should work on securing their email addresses with secure passwords, and if at all possible with 2-factor authentication.
|
|
inherit
254602
0
May 28, 2018 17:07:49 GMT -8
dibbunsbritain
3
April 2018
dibbunsbritain
|
Post by dibbunsbritain on Apr 24, 2018 14:48:13 GMT -8
Hello just following up. I'm another admin from this site. We're all trying to monitor this situation. I will try to be available to reply to anything as well, although as my username indicates my timezone might not be too helpful in this regard. Thanks for any help we can get
|
|
Kami
Forum Cat
Posts: 40,169
Mini-Profile Theme: Kami's Mini-Profile
#f35f71
156500
0
Offline
Jul 24, 2021 11:48:29 GMT -8
Kami
40,169
July 2010
kamiyakaoru
Kami's Mini-Profile
|
Post by Kami on Apr 24, 2018 14:51:27 GMT -8
Hello just following up. I'm another admin from this site. We're all trying to monitor this situation. I will try to be available to reply to anything as well, although as my username indicates my timezone might not be too helpful in this regard. Thanks for any help we can get This will likely cause confusion. Please allow one spokesperson, ideally the person who created the forum (see my above post as to why), to prevent overlapping information and instructions.
|
|
inherit
254600
0
May 3, 2018 20:38:19 GMT -8
dibbuns
9
April 2018
dibbuns
|
Post by dibbuns on Apr 24, 2018 14:51:30 GMT -8
Hello, thanks for your prompt reply!
Our issue is that the username admin account is the account which has been hacked. The forum creator has since passed on leadership to other accounts on the forum and that account was going unused. That is why it was chosen as a target by this hacker. Therefore, we are not able to get the forum creator to post, since that is the account which has been taken over.
We can provide other proof that we have been running this site for many years, as well as any information the staff deem necessary to prove our identities as the true leaders of the site.
|
|
Kami
Forum Cat
Posts: 40,169
Mini-Profile Theme: Kami's Mini-Profile
#f35f71
156500
0
Offline
Jul 24, 2021 11:48:29 GMT -8
Kami
40,169
July 2010
kamiyakaoru
Kami's Mini-Profile
|
Post by Kami on Apr 24, 2018 14:56:29 GMT -8
Hello, thanks for your prompt reply! Our issue is that the username admin account is the account which has been hacked. The forum creator has since passed on leadership to other accounts on the forum and that account was going unused. That is why it was chosen as a target by this hacker. Therefore, we are not able to get the forum creator to post, since that is the account which has been taken over. We can provide other proof that we have been running this site for many years, as well as any information the staff deem necessary to prove our identities as the true leaders of the site. Oh dear, this unfortunately presents a problem. Unless forum ownership is officially transfered via ProBoards, then none of you will be recognised as the owner, regardless of what you have done for the forum. I'll leave it to the admins to sort out what they can do for you, but please be advised that because the proper transfer procedure was not followed, the admins' hands may be tied. It's possible they can stop further damage to the forum, but it would be at their discretion as they generally do not interfere with a forum without the forum creator's consent. If you have ANY way to get in contact with the original administrator, please attempt to do so and direct them here so that the PB admins can confirm not only that action can be taken, but so that the transfer can happen to the person of their chosing. Additionally, please note that it is unlikely that this person is a "hacker" -- I know this is a bit of a pedantic issue, but hacking something tends to imply brute force attempts at the entire service rather than one individual account. It's more likely this person cracked the admin password (like cracking a safe), rather than compromising the entire PB system.
|
|
#eb7100
33409
0
1
Sept 18, 2024 13:24:27 GMT -8
Brian
48,130
November 2004
smashmaster3
|
Post by Brian on Apr 24, 2018 14:59:31 GMT -8
Hi, dibbuns. Following investigation of the various content and security logs on the forum I've disabled the global account tied to the main admin account of the forum so no further damage can be accumulated. Unless the main admin of the forum performed an ownership transfer here on ProBoards Support they're still technically considered the forum owner regardless of any powers they've assigned throughout the forum. For that reason it'll be their responsibility to post here using the email address they used to create the forum to verify their ownership of it which will permit me to restore their access to the account. Kami has covered most of the other points that otherwise would've been presented in this post.
|
|
inherit
254600
0
May 3, 2018 20:38:19 GMT -8
dibbuns
9
April 2018
dibbuns
|
Post by dibbuns on Apr 24, 2018 15:09:45 GMT -8
Thank you so much!
We are working to contact the forum creator and hopefully that should be able to be sorted soon.
Once again, thank you so much for your help.
|
|
inherit
254600
0
May 3, 2018 20:38:19 GMT -8
dibbuns
9
April 2018
dibbuns
|
Post by dibbuns on Apr 24, 2018 16:07:31 GMT -8
Apologies for the double post:
A new forum user has been created "thefirewolves" (our website is relatively inactive and slow to gain new members so this is slightly unusual, especially given the circumstance)
I'm not sure if it is the same problem person, however would it be possible to block the IP of the person who was messing our forum around, just in case it is them and they want to try something more?
I understand entirely if that isn't possible, but it might put our minds at ease.
We are also still ongoing in the process of trying to contact the original forum creator.
Thank you so very very much for all of your help.
|
|
inherit
254600
0
May 3, 2018 20:38:19 GMT -8
dibbuns
9
April 2018
dibbuns
|
Post by dibbuns on Apr 24, 2018 17:02:00 GMT -8
Update: The account has logged on again and resumed posting. I assume if the global powers were deactivated this means the hacker (though the term may not be accurate) is simply bluffing. However, I just wanted to make sure the site is still safe until we can contact the original creator of the forum.
|
|
inherit
254600
0
May 3, 2018 20:38:19 GMT -8
dibbuns
9
April 2018
dibbuns
|
Post by dibbuns on Apr 24, 2018 17:30:11 GMT -8
Another update: They have deleted the boards on the forum, leaving just a rather mocking message. They seem to be deleting member accounts as well. Looks like they want to delete the whole thing.
We'll still hunt for the original creator to see if we can get everything reinstated.
|
|
Kami
Forum Cat
Posts: 40,169
Mini-Profile Theme: Kami's Mini-Profile
#f35f71
156500
0
Offline
Jul 24, 2021 11:48:29 GMT -8
Kami
40,169
July 2010
kamiyakaoru
Kami's Mini-Profile
|
Post by Kami on Apr 24, 2018 17:32:48 GMT -8
So it's outside of Support hours so the admins went home, but I can answer a few of these.
That account is likely someone that had posted in this thread (the post has since been deleted, not sure if by staff or by them, as it was not a helpful contribution to your issue).
I wouldn't worry about a *new* account at this point, as new accounts have no powers.
EDIT: they are actively deleting boards and content as of right now, or is this something you are just finding out?
EDIT Again: Ah, I see what you mean. I'm not sure what the PB staff protocol would be at this point, but since an admin intervened and this individual was able to get around it, there might be some recourse. I'm not 100% sure of that though, mainly because as mentioned prior, it was the forum creator's responsibility to a) transfer the forum properly and b) keep their account secure, so this might still count as "user deleted content". Unfortunately, staff won't return until 9AM pacific tomorrow, so you'll have to sit tight til then. :/ Sorry.
|
|
inherit
254600
0
May 3, 2018 20:38:19 GMT -8
dibbuns
9
April 2018
dibbuns
|
Post by dibbuns on Apr 24, 2018 17:36:48 GMT -8
As I was typing they were deleting.
They are now reformatting the site under their own name (changing color scheme, forum title etc.)
So all of our things have been deleted, and I think they're making new threads and such themselves.
Some of us have been screenshotting as things were unfolding, no idea if that would be any use to anyone, but it's still something.
EDIT: Alright, thank you for the help. If the worst came to the worst, we might be able to rebuild on our own terms, although naturally we'd like to be able to reclaim our forum.
|
|
Kami
Forum Cat
Posts: 40,169
Mini-Profile Theme: Kami's Mini-Profile
#f35f71
156500
0
Offline
Jul 24, 2021 11:48:29 GMT -8
Kami
40,169
July 2010
kamiyakaoru
Kami's Mini-Profile
|
Post by Kami on Apr 24, 2018 17:44:20 GMT -8
As I was typing they were deleting. They are now reformatting the site under their own name (changing color scheme, forum title etc.) So all of our things have been deleted, and I think they're making new threads and such themselves. Some of us have been screenshotting as things were unfolding, no idea if that would be any use to anyone, but it's still something. EDIT: Alright, thank you for the help. If the worst came to the worst, we might be able to rebuild on our own terms, although naturally we'd like to be able to reclaim our forum. You're welcome. I'm sorry this is happening, it's really unfortunate that your forum creator didn't follow / know about the transfer procedure and didn't keep their account secure. (And of course, unfortunate that someone has decided to be a massive jerk about things). I wish you the best of luck. Be sure that you, and the rest of the staff members you're in contact with, make sure to change your email passwords & global account passwords, and enable two-factor authentication on your emails.
|
|
#e61919
Support Staff
224482
0
1
Sept 27, 2024 16:48:35 GMT -8
Scott
24,074
August 2015
socalso
|
Post by Scott on Apr 25, 2018 6:03:11 GMT -8
dibbuns, fyi I temporarily took this forum offline until I have a chance to confer with Brian, and check further into what is going on here.
|
|