Need(ed) Help Quickly! (and got it!)

Posted: Mon Nov 26, 2012 2:47 pm
by lordreaibn
My admin password got hacked on horsehockey!

I can change it on the MySQL backend, but I don't know how the passwords are encoded. Little help?

[EDIT: Searched the board and found a resolution. Changed password field to varchar and updated admin password with SQL statement.]

Posted: Mon Nov 26, 2012 6:49 pm
by JH
I'm glad that you've managed to fix it. Any idea how it could have been hacked? Is there any risk that the same thing could happen here?

BTW, if you need urgent help with something then emailing Sir Toby is a better bet than posting here, as he doesn't always check this forum that frequently.

Posted: Tue Nov 27, 2012 3:04 am
by Ben McClellan II
Yeah...my username and password were both invalid.

Posted: Wed Nov 28, 2012 1:02 am
by Sir Toby
I am glad you found the information you needed to get everything working again. I am also curious as to what happened. If there is a security hole in Extend-A-Story, I'd like to get it fixed. Of course, it is also possible that your host simply upgraded the version of MySQL they are using and you got bit by bug # 9.

Are you running the latest version of Extend-A-Story (version 2.2.0)? I've found some SQL injection vulnerabilities in older versions of Extend-A-Story, so I strongly suggest running the latest version to keep yourself protected.

In any case, I am curious to find out more about what happened if you have more information available. If you don't want to post the details publicly, feel free to email me directly.