Last night I posted the URL for my website so that we developer types could have a peek. Sometime soon after someone went into the admin. Like a trusting fool I hadn’t change the password from dolphin to a new one so someone went in and wiped out all my profiles and anything else they could get their hands on (300 profiles!) Its my own fault but I never thought that someone here would be looking to make life harder on us than it already is.
A WARNING TO ALL DOLPHIN DEVELOPERS! Change your passwords!
Unfortunately to compound the problem I had the server rebooted because I thought it was hanging in not loading profiles etc. Now RAY is not working. Do I have to do something to get RAY started again after a server reboot. Any assistance that way available?
Thanks!
Make Meaning Or Die
I feel very sorry for you Stardreamer. People shouldn’t take advantage of you when you are trying to help. As for the RAY issue. Perhaps the media server has also been turned off or something? I’m not a RAY User YET so I don’t know.
Perhaps you could look through your server logs to determine if anything has been changed that shouldn’t have been.
lol
1. dolphin 6 is in development! not to use!
2. change password evry month…
Oh no Stardreamer… This is so bad… Who is that crazy fellow who did this on your site… I feel like kicking that idiot… Such bad thing happened with such a good guy… this is very sorry state… Everybody please change your password immediately…
Maybe this would be a good time to suggest admin ip logs?
ffs stardreamer ….. basic error and ommision !
I updated the old dolphin doc about change of the admin password s part of install, as far as I recall it’s included in the new wiki ?!.
Regular backup schedule also needed for a live site
I am so sorry to hear that stardreamer!!
Yea, sounds like that is pretty bad. Did you have a back-up or anything of your users?
That Sucks!!! It had to be someone from here. And that really pisses me off. Shame on the person that would be so rude and hateful as to mess with another persons website.
Who ever did this needs to stand up and say something. Even if you did it as an accident please say something
Thanks to all of you. Its all of us who get how stressful this work is. I know I’m an able webmaster but this dolphin community development process has been tough. After six months of working it most every day I feel that I’m finally getting to understand how to work with it.
The person who did this to me changed the admin password from “dolphin” to “hacker” so I wanted to warn everyone because it is someone who read our blog.
I had a backup from a few days ago so I have re-uploaded most of the missing material but I’ve had a bad day because of it.
To show up here and see all of you in my corner is really uplifting. I mean who can understand what we go through and how much it means to us but “us!”
Keep on building everyone. Its worth it - every day of two steps forward - one step back.
I feel for every one of you, as you wrestle night after night with RAY, dolphin, css, php, ssh, - all to share community with others. How cool are we!
Today was a bad day for me, but last night was great!
Thats realy bad that someone deleted your data and i have a question at that point.
When i implement an htacces in the admin folder which only let use me the admin part from special ip-adresses, will there be an problem with the script?
I will get an ip-adress from my provider and so there are no chance to get in from another ip.
langejg @ aside from any script problems, your IP is likely to change regularly by itself, therefore you may wake up one morning and find you are locked out.
I can get an ip from my telefon provider like AT&T.Then my ip will not change. I think its the best way not to get in trouble like it is written above.
Over ftp i ever will have acces, so that i can change htaccess,but i don´t need i think.
True. Although having a secure password is an easy way to fix this problem. You should generate a nice long one from somewhere like
http://www.pctools.com/guides/password/
You should also change it every week or so.
Also securing your admin folder with .htaccess could help plenty, off course not using admin and dolphin in the .htaccess as the username and password.
Yes ,but with the secure password extremly long means,that i allways have to take it with me or i only use it from one system because i saved it.
So the way to restrict ip is better i think.
But now back to my question.Will that solution work without getting errors in dolphin?
“or i only use it from one system because i saved it.” You could only login from one system if you had the IP restricted as well..
@LC91
Yes,i know but thats no problem for me.If i need to conect from another place i can change htacces over ftp first.
I want to secure the admin folder.I am working in it and knew that there are ways to get into the admin pages over scripts.I don´t think that it is realy hard to do,because admin account will not be disabled after a view false logins like it is done in local networks.
I think it should be no problem to secure the admin folder by ip restriction,but i want the opinion of the coders from dolphin.
stardreamer why you have dolphin beta public online???!!!!!
your forum (orca) is buggy: http://loveofsports.com/orca/
lol
Let me say this once again. By using this script you give premission to the Boonex team to access your site an information at any time.
I had trouble setting up the script an gettin it too work. I have a very secure site. The only people with access to my site an server other the My Server NT’s was Boonex Team.
Not only did they go in after I sent them a letter telling them I fixed the problem but they edited an modified my profiles. Then changed my password.
Needless to say the callbacks an etc.. I will sit down tonight an write each one out I find. an repost them here. But the ones I can name off the top of my head are, access to your database, config files, giving access to your site through the news on your admin.
stardreamer
———=———–
so sorry to hear about this but im sure we will catch him and hopefully he will be banned from here and further more he needs to be dealt with by aurthorities
—=—–> anyone have ideas how to catch this hacker ?
comon guys lets get this guy now …dont leave him continue doing ths to the rest …… im so pissed we have someone from here and he did this … youll be caught who ever you are and youll be punnished cause the TEAM will ban you and then we will report you to your provider for hacking
Can you not look at the web stats to check on the ip addresses that have visited your site. Then look at the day in question. you should be able to narrow done the ip address of the nasty hacker. compare previous days with the day in question.
andrey I AM SURE WILL BE PISSED WHEN HE FINDS OUT !
———–=—————
i think its someone who is jeoulous and thats the reason they did this to you my friend … i am so furious that someone that low can do such a thing …. dont worry we will find out … soon or later … or the saying goes … what goes around comes around
Sorry to hear about that. Changing password is essential. Although we see some great people hanging around here, this blog is public and anyone - a competitor or simply a dumb-ass jerk can read it and perform actions like that. be careful. As suggested securing your admin folder with .htaccess file may be a good idea.
As for Ray - you need to restart RMS - that’s descrived in Ray docs at boonex.net/ray
@cwedude29
I always wonder where all that conspiracy comes from. From day one there was no a single case of us accessing anyone’s site without prior agreement. The only “callback” function in Dolphin is admin panel checking for updates, and it has no way for entry. IF you change your admin password, we can not access your Dolphin-based site no matter how we want that. IF we find the way - we would immediately update the software and would stay away from logging to your site like a plague, cause it would ruin our reputation once and for all. Think about it.
We had one funny case though. At the early ays when we were selling aeDating licenses one jerk tried to resell them on eBay. He was stupid enough to use small icons from our site to create his eBay description - just direct-liked to the image on our server. What we did - we changed the icon filename on our site and uploaded a huge hardcore porn picture to our server with the old icon filename. Grasping already?
Yeah - the ebay listing turned into a set of huge porn pics and a short note from us. Ebay forums were shaking!
That’s the only hacking we ever did. But that was fun.
Thanks for answer Andrey,so i will secure my admin folder.
Once v6 is out final i will purchase some things like conributor,link removal and other addons time after time.Ray is planed for future,because i will start with normal web hosting plan.
I only wait for v6 final because i want to start with a great base and i love that script.
You and your team are doing realy great work.
Nice work on that eBay guy Andrey
I am not trying to start a conspiracy. Futhermore THE ONLY PEOPLE who had access to my site was the SUPPORT TEAM of Dolphin. From where they requested my User Name & Password for my FTP Account to access my server so my issue could be addressed So I gave it too you guys. Then it took 3 days for you to reply back. After I had sent another email informing I had fixed the problem myself ya’ll sent an email back saying I had somehow corrupited the file “profiles.php” in the admin folder an you had fixed it an backed up the old one renaming it to “profiles.php.old” Right after that was when I went in an found that a picture of a Naked female had been posted to a profile in place of the picture that was their.. The Server Access Log Shows the only one who visited an entered the site was through the ftp account an belongs to Boonex So YOU can say what you want. You guy did not have the right to touch anything on my site except trace down the issue I had. The posting of the NUDE pic was uncalled for. Furthermore everything on my site runs from my site. Their is nothing that is pulled from another site due to bandwidth restriction I have. So if you are claiming you did not do then check with others you work with cause someone from Boonex entered my site through ftp an did more then just fix the issue I emailed you guys about.
Well i had BOONEX install my wigets an ray and i never had any problems, sorry to hear that, im sure it wasnt them !