[Coco] forums restore

Aaron Wolfe aawolfe at gmail.com
Fri Jul 10 00:05:47 EDT 2009


On Thu, Jul 9, 2009 at 10:17 PM, Roger Taylor<operator at coco3.com> wrote:
> At 07:33 PM 7/8/2009, you wrote:
>>
>> Roger,
>>
>> If my login is broken, do you suggest to just wait till you're done hackin
>> and wackin, and then re-subscribe?
>>
>> Thanks,
>> Tim Fadden
>
>
>
> Yes, just hold off.  The powers that be are going to perform the 7/5/2009
> restore tonight or tomorrow.  Still, the members and messages that were
> deleted will still be gone until I can merge their content back in somehow
> when I locate my May or June backup later.
>
> I'm going to do a huge cleanup besides studying the logs to see who did what
> to delete certain members AND their messages.  It's a mess trying to read
> the logs by eye because all of the HTTP requests are listed as they are made
> and not per IP address.  The last hack showed that a user manually performed
> some operations and then had the nerve to post a message bragging about it.
>  They guessed my password because it was too simple.
>

Assuming your logs are in common log format, the sort command will
give you back the log broken down by IP, i.e.
# sort /var/log/apache/access.log

There are also some very powerful programs that can help you analyze the logs.

Scalp is a tool that scans logs for malicious behavior including php
and sql exploits and spamming attempts.
http://code.google.com/p/apache-scalp/

WUM is a statistics based analysis tool that can (for instance) find
URL patterns that occur very seldom or from only one source, which
often will point you straight to the bad guy(s).
http://hypknowsys.sourceforge.net/wiki/The_Web_Utilization_Miner_WUM

Getting real friendly with grep can also save you lots of time.

> Not all CoCo users are good guys.  There are some bad ones out there who
> might even be reading our posts and possibly even participating, watching,
> waiting, planning.  With all the angry spells I've seen here (far beyond any
> typical debate I've been involved in, myself), it's no surprise that there
> might be a few people who want to bring it all down if they can.
>
> If I had to take a good guess, it would be h*xst*r.
>

Sounds like I've missed some interesting times.  Good luck and I hope
you find the bastards.

-Aaron

>
> --
> Roger Taylor
>
> http://www.wordofthedayonline.com
>
>
> --
> Coco mailing list
> Coco at maltedmedia.com
> http://five.pairlist.net/mailman/listinfo/coco
>
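
An added example, not part of the original message: the per-IP breakdown suggested above, using a stable sort on the address field so each client's requests stay in file order, plus a "seen from only one source" listing and a per-client POST trail. It assumes Common Log Format; the sample log is constructed, with documentation-range addresses and hypothetical paths, and the function names are illustrative.

```shell
#!/bin/sh
# Added example. Assumes Common Log Format: $1 = client IP, $4 = [timestamp,
# $6 = "METHOD, $7 = path, $9 = status. Function names are hypothetical.

# Constructed sample log: documentation-range addresses, hypothetical paths.
make_sample() {
cat <<'EOF'
203.0.113.7 - - [30/Jun/2009:23:58:11 -0400] "GET /forum/login.php HTTP/1.1" 200 2210
192.0.2.10 - - [08/Jul/2009:21:14:02 -0400] "GET /forum/index.php HTTP/1.1" 200 5120
203.0.113.7 - - [08/Jul/2009:21:14:05 -0400] "POST /forum/login.php HTTP/1.1" 302 0
192.0.2.10 - - [08/Jul/2009:21:14:09 -0400] "GET /forum/viewtopic.php HTTP/1.1" 200 8042
203.0.113.7 - - [08/Jul/2009:21:14:30 -0400] "GET /forum/admin/index.php HTTP/1.1" 200 3310
198.51.100.23 - - [08/Jul/2009:21:15:01 -0400] "GET /forum/index.php HTTP/1.1" 200 5120
203.0.113.7 - - [08/Jul/2009:21:15:12 -0400] "POST /forum/admin/delete_user.php HTTP/1.1" 200 412
203.0.113.7 - - [09/Jul/2009:00:02:44 -0400] "POST /forum/admin/delete_user.php HTTP/1.1" 200 412
EOF
}

# Group lines by client. -s (stable) keeps each client's requests in file
# order, so 30/Jun stays ahead of 08/Jul instead of being compared as text.
by_ip() { LC_ALL=C sort -s -k1,1 "$@"; }

# Requests per client, busiest first.
hits_per_ip() {
  awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' "$@" | sort -k1,1nr -k2,2
}

# Paths requested by exactly one client (the "only one source" pattern).
single_source_paths() {
  awk '!seen[$1 SUBSEP $7]++ { n[$7]++; who[$7] = $1 }
       END { for (p in n) if (n[p] == 1) print who[p], p }' "$@" | LC_ALL=C sort
}

# POST requests from one client, in order: timestamp, path, status.
posts_from() {
  ip=$1; shift
  awk -v ip="$ip" '$1 == ip && $6 == "\"POST" { print $4, $7, $9 }' "$@"
}

make_sample | by_ip
make_sample | hits_per_ip
make_sample | single_source_paths
make_sample | posts_from 203.0.113.7
```

Each function also accepts log file names as arguments, e.g. `by_ip /var/log/apache/access.log`.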


