Forum Hijacked



About six months ago, I created a prototype website at DreamHost that included a PhpBB forum, one of several components set up at that time simply to illustrate what the final site would offer.

For a number of reasons, that project had to be put on the shelf for awhile. The protosite was never promoted, never listed with any of the search engines. I initially had it set up to require a secure log-in just to reach it, but somewhere along the way that failed.

This weekend, as we began to ramp the project back up, I went into the site and checked each component, to see how much I had done, what needed to be done, etc. I was stunned to find the forum had been hijacked by pornographers, who have posted thousands of messages.

I have not opened any of those for fear of viruses and other malware that might be attached, but the subject lines leave no doubt about their intent. I can only hope they do not include illegal content, but what they do contain would destroy what we are trying to create should anyone see it.

Which raised another problem - in that six months, my computer system crashed repeatedly, sometimes due to the Vista OS, sometimes due to hardware problems. In January, it was completely replaced. Unfortunately, that series of events wiped out all of my e-mail records and many other files, including those containing information on how to get into the forum administrator’s area so I can wipe out those postings and either reset the forum with maximum security or, as I suspect will be the case, kill it completely and start over again - with maximum security - at a later date.

In either case, I need help gaining access - and learning how to prevent this from happening again. I have requested assistance from both DreamHost and phpBB support, but thought I would try here, as well, as some of you may have experienced similar problems and found good solutions.



Log into your panel here and go into Support -> Support History and look back for messages when the forum was set up. They usually contain username and passwords and such.

If you still have FTP access, log in and check your config.php file so you can log into your database and check your admin user account info which you’ll need for the “forgot password” option.



Following on from the steps Scott has provided, you can also use the config.php info to login to your database and chage the admin user’s password to whatever you like via phpMyAdmin using the GUI Browse and Edit functions. Select MD5 from the dropdown list when entering a new password via phpMyAdmin.

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost


The MD5 tip is an excellent one. I had no idea that existed. Is that common across most encrypted passwords?



Yeah, it’s handy for scripts that use a onepass encryption.

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost