Thread: Hacker Gave himself Admin privs
View Single Post
  #5  
Old 30 Nov 2017, 23:49
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Moderator
  
Join Date: Sep 2008
Real name: Michael Miller Jr
Originally Posted by CarolSEL View Post
A new member registered at our forum, then somehow made himself an Admin. (Obviously, we banned him and his IP.)

How can that happen? What precautions do we need to take?
If the hacker gains access to the database they can alter their membergroup id #, if they have access to ftp (files) they can also assign themselves as a Super-Administrator per the config file - it's easy IF they have access but basically simply FTP access would allow you to also upload a file and interact with the database directly w/o the need for phpmyadmin or similar.
__________________
Daddy Does Dios and Figs!

Search - Use the search feature to find similar issues/answers.
Information - Include screenshots, copy/pasted error codes, url etc.
Fixed - Please return to your thread/post and let us know how it was fixed!
Thanks - For participating! Click the "Like" on a post if someone helped you!
Reply With Quote