Need(ed) Help Quickly! (and got it!)

General discussion about Extend-A-Story.

Moderator: Extend-A-Story Moderators

lordreaibn
Posts: 313
Joined: Fri Mar 31, 2006 3:31 pm

Post by lordreaibn » Mon Nov 26, 2012 2:47 pm

My admin password got hacked on horsehockey!

I can change it on the MySQL backend, but I don't know how the passwords are encoded. Little help?

[EDIT: Searched the board and found a resolution. Changed the password field to varchar and updated the admin password with an SQL statement.]

JH
Posts: 1006
Joined: Sat Apr 26, 2003 4:31 pm
Location: UK

Post by JH » Mon Nov 26, 2012 6:49 pm

I'm glad that you've managed to fix it. Any idea how it could have been hacked? Is there any risk that the same thing could happen here?

BTW, if you need urgent help with something then emailing Sir Toby is a better bet than posting here, as he doesn't always check this forum that frequently.
JH

Ben McClellan II
Posts: 88
Joined: Sat Aug 19, 2006 4:34 am
Location: Evansville, IN

Post by Ben McClellan II » Tue Nov 27, 2012 3:04 am

Yeah...my username and password were both invalid.
Twitter: @benmcclellan

Horsehockey v5.0: Ongoing! horsehockey dot ORG

Sir Toby
Site Admin
Posts: 402
Joined: Sat Apr 26, 2003 3:42 pm
Location: Portland, Oregon, USA

Post by Sir Toby » Wed Nov 28, 2012 1:02 am

I am glad you found the information you needed to get everything working again. I am also curious as to what happened. If there is a security hole in Extend-A-Story, I'd like to get it fixed. Of course, it is also possible that your host simply upgraded the version of MySQL they are using and you got bit by bug # 9.

Are you running the latest version of Extend-A-Story (version 2.2.0)? I've found some SQL injection vulnerabilities in older versions of Extend-A-Story, so I strongly suggest running the latest version to keep yourself protected.

In any case, I am curious to find out more about what happened if you have more information available. If you don't want to post the details publicly, feel free to email me directly.
