Forum SQL Advice

I'll try and cut a long story short.

A client had a forum - PHPBB on one of these free servers. This was hacked.
Someone either brute forced or exploited, then banned or changed the admin passwords and simply put the board into closed mode.

Now, we're up and running elsewhere with vBulletin but the owner would like to have the old board back along with all the posts for prosperity - it was the beginnings of a band he manages - not to mention this herbert has access to everyone's email addresses, and private messages with the right mod installed
(PHPMyAdmin is not available so there's been no access to the db) and the URL is still bandied about occasionally. In short, he'd like to regain control to a popular forum he created and ran for some time.

The people who own the server are now a new company that took over the old one, and try as I might to explain that they could simply create a new MD5 hash for the admin account and enter it into the database giving us access again, they're saying (after much to'ing and fro'ing) that they've tried to help but cannot. I'm not sure they have SQL access.
They can however give me an SQL backup for $75.
That's great, and would do the job - providing I could restore the backup whilst not having any admin privs on the board. As I say, all the admin accounts have been banned/passwords changed.

All I'd need to do (theoretically) is restore the tables to my own server, then enter the phpbb_users field, find what I suspect to be the new admin and change the MD5 hash to one I'd pre-configured.
Of course, I'd need to install PHPBB as well, presuming I can find the right version..

My concern is, could I do a restore without an admin password in any way?
Pointless forking out $75 otherwise.
I'm rusty with PHPBB - not touched it for ages, and not done an SQL backup for a long time. I'm thinking I can do this with little or no probs?
Can anyone clarify?

Cheers.

~k

[punky]

If they provide you with an SQL backup, then you can use ImpEx to import everything into VB.

$75 to provide a backup is taking the Michael though. Unfortunately, I don't think you have much choice. I'd say they are trying it on though, saying they can't restore access, forcing you to buy a backup. If they can back it up, then i'd say they should be able to restore access.

A good lesson for people to learn though, that free servers sometimes aren't worth it.

Hiya Gavin - cheers for that.
One point - it's PHPBB.
And yes, free servers just aren't worth it. Much better to learn basic SQL installation and PHPMyAdmin configuration and have total control yourself.

Yeah, I know it's a rip off- but for £38 it's worth it to the fella. Small price to pay. In fairness, they've killed the old 'hacked' forum and provided me with a backup for now.
I've just tried to upload it through PHPMyAdmin but I know from past experience it's just way too twitchy with anything of a good size - it's about 18MB zipped.
I didn't get the usual time-out, but instead went through the whole upload then was prompted with a download of a zero byte "import.php" - which confused me no end!

In any case, I can upload this zip file to our corporate server and have the hosts restore from that in situ.

I think ImpEx is VB specific?

Cheers.

[punky]

Quote:

Originally Posted by kryogenik

Hiya Gavin - cheers for that.
One point - it's PHPBB.
And yes, free servers just aren't worth it. Much better to learn basic SQL installation and PHPMyAdmin configuration and have total control yourself.

Yeah, I know it's a rip off- but for £38 it's worth it to the fella. Small price to pay. In fairness, they've killed the old 'hacked' forum and provided me with a backup for now.
I've just tried to upload it through PHPMyAdmin but I know from past experience it's just way too twitchy with anything of a good size - it's about 18MB zipped.
I didn't get the usual time-out, but instead went through the whole upload then was prompted with a download of a zero byte "import.php" - which confused me no end!

In any case, I can upload this zip file to our corporate server and have the hosts restore from that in situ.

I think ImpEx is VB specific?

Cheers.

Yeah, its provided by Jelsoft to allow people to import stuff from other DBs, like phpBB.

I mentioned it because you've said you're now up-and-running with VB?

phpMyAdmin is a bit funny with file uploads... Whoever you're hosting the VB server with, i'd ask them if you can have shell access and then you can restore using the mysql daemon itself.

[Paul M]

What access exactly do you have to the old forum ? If you have any sort of phpmyadmin access you can get back into it easily. If you have ftp access then you could get back in with a bit of fiddling. I fail to see how the server owner could not have mysql access, sounds to me like they are bulling you to try and extract money.

Yeah mate - we're up and running with a VB install 'now'. We lost access to that forum so when I was asked onboard, I started again from scratch with VB. The 'old' forum is actually PHPBB like I said in my first post.

I'm not au fait with shell access (yet) but our hosts are very accommodating and are big fans of the band anyway so they'll help us out as much as we need.

Once I get this backup restored and do a new PHPBB install and change the MD% hash on the db, hopefully we'll have access to the forum once again.

---------- Post added at 22:21 ---------- Previous post was at 22:19 ----------

Quote:

Originally Posted by Paul M

What access exactly do you have to the old forum ? If you have any sort of phpmyadmin access you can get back into it easily. If you have ftp access then you could get back in with a bit of fiddling.

Hiya Paul.

Sadly, no access whatsoever to the old forum. It was on a free server - I'm not sure the hosts have any access ( that they're letting on) as they took over a company gone bust. But yeah, they're probably shafting me, but hey. If I got a back up from a free server for £38 I'm happy.

All I have now is a couple of servers of my own with ftp and PHPMyAdmin access, so it's all fun from here on in!

[Paul M]

They must have access, that's just complete bull. Anyway, you do not need any admin access to restore the forum.

Yeah, I'm sure it is bull. But, i've gone from (in the space of almost a month) "absolutely no, get stuffed" to a "here's a backup". I'm not complaining. The forum is worth quadruple that to us.

My main concern is being able to install a new PHPBB2 forum then initiate a restore and then try and find which account on the db the hacker has chosen as his admin account. I know for a fact this fora didn't have usergroups, just privs given to each user as per.
Should be fun tho.


---------- Post added at 22:32 ---------- Previous post was at 22:31 ----------

Quote:

Originally Posted by Paul M

Anyway, you do not need any admin access to restore the forum.

Good news to me - cheers.

[Rob]

If you have a copy of the database, you could always have a look at it locally, if you install MySQL on your own computer. Indeed add Apache PHP and even phpbb all locally and you should be able to replicate stuff to see what you really have without worrying, in the first instance, about your vbulletin forum. All the stuff above, together with various utilities to assist in access is open source so freely available to download and play with.

Ta Rob. Can I just point out it's PHPBB so there's no confusion.

This is a big curve for me now - always done this sort of work on the remote machine but I've got Apache somewhere.
As I said, the hosts are very friendly and helpful so maybe that's going to be the best way - it will eventually need to be on their stage anyway.
But, if it's a no-go, I'll deffo look into that anyway as I'd be much happier to work on duplicate databases/fora installs locally than shutting forums down while I test remotely.

[Rob]

PHPBB is opensource, http://www.phpbb.com/ works much the same as Vb in it's reliance on the PHP launguage, and MySQL database. Plenty of instructions for installation on the phpbb website.

You know that with vbulletin you have a test forum licence too. Set that up and you should be able to see if you can import stuff to that. From there you can see what you've got without messing with your main vbulletin forum

Quote:

Originally Posted by Rob

PHPBB is opensource, http://www.phpbb.com/ works much the same as Vb in it's reliance on the PHP launguage, and MySQL database. Plenty of instructions for installation on the phpbb website.

Oh, I've no trouble with a board install - done umpteen, and lots of manual modding with the php files.
I'm just going to be new to having PHP and whatnot on my machine - as I said, always done that on a remote server.
But still, can't be too hard to install/learn etc.

Quote:

Originally Posted by Rob

You know that with vbulletin you have a test forum licence too. Set that up and you should be able to see if you can import stuff to that. From there you can see what you've got without messing with your main vbulletin forum

Yeah, have used a test forum from time to time before adding big (non .xml) mods or making serious template changes.
Which reminds me, I need to find time to upgrade to latest Vb on a couple of my boards.


Cheers.

Just wanted to say I got this sorted.
Managed to import the full zipped db, despite it's size - and the 'hacker' (lol) had chosen to give his own account admin privs, so was easy to find as I suspected I knew who it was. Hardest part was an incompatibilty with MySQL versions from the dumped db to the new server, and some character set issues. All easy enough to iron out. Incidentally, I used Servage who have a great web interface which allows you to upload a zipped/tarred backup by ftp, then unzip on the server and import to a chosen database via the web interface. Very nice, and saved me a lot of hassle trying to import via PHPMyAdmin. It also meant I could make minor alterations to the sql file and just re-import with a couple of clicks. I could then keep refreshing PHPMyAdmin and almost watch the import in real time.
Nice.
Anyway, cheers again for the help.