Argh, my campaign wiki got hacked

[Whizbang Dustyboots]

Well, it's giving me all sorts of fun errors, if not, but the error messages suggest that a spambot or something went and made new user accounts until the MediaWiki software melted down.

My server host does 24 hour tape drive updates, so hopefully he can restore the material, of which there's a fair amount.

Anyone got any suggestions on other wiki software I can use instead?

I'm reluctantly thinking I might need to lock the wiki down to only being writable by me, instead of my group and will just copy and paste the many (many) pages into the new software. I was thinking I might need to reboot the wiki anyway, since there's a lot of material from Ptolus.com that I had up there prior to the Player's Guide PDF being available, and I'd prefer the wiki just to be my material or my additions to the core info and just enough detail on Monte's work so that the players know the basics on a city and so on.

 

[Ruined]

Uh-oh. What wiki software do you use? I keep a wiki page using Mediawiki on my website, wouldn't want it to get hacked.

 

[Whizbang Dustyboots]

Uh-oh. What wiki software do you use? I keep a wiki page using Mediawiki on my website, wouldn't want it to get hacked.

Mediawiki.

 

[IronWolf]

Mediawiki.

What version number?

 

[XCorvis]

Also, what versions of MySQL (or other db) and PHP? And does you host handle that stuff, or you?

 

[Whizbang Dustyboots]

What version number?

Can't tell from the error messages, but I put it up in January, so it's probably the October 2005 version.

The errors, incidentally:

A database error has occurred
Query: SELECT user_name,user_password,user_newpassword,user_email,user_email_authenticated,user_real_name,user_options,user_touched,user_token FROM `dnduser` WHERE user_id = '1' LIMIT 1
Function: User::loadFromDatabase
Error: 1017 Can't find file: 'dnduser.MYI' (errno: 2) (localhost)

Backtrace:

* GlobalFunctions.php line 451 calls wfbacktrace()
* Database.php line 408 calls wfdebugdiebacktrace()
* Database.php line 358 calls databasemysql::reportqueryerror()
* Database.php line 734 calls databasemysql::query()
* Database.php line 753 calls databasemysql::select()
* User.php line 679 calls databasemysql::selectrow()
* User.php line 625 calls user::loadfromdatabase()
* Setup.php line 212 calls user::loadfromsession()
* index.php line 63 calls require_once()

 

[Whizbang Dustyboots]

Also, what versions of MySQL (or other db) and PHP? And does you host handle that stuff, or you?

My host does.

 

[Whizbang Dustyboots]

Incidentally, I pulled everything off via FTP a few days ago, just as a regular backup of my site, and I can't figure out where the heck all the wiki data is stored. (I was planning on just putting it all in a Word file and putting it back online via static pages, if nothing else.) Where does all the wiki data hide?

 

[IronWolf]

Incidentally, I pulled everything off via FTP a few days ago, just as a regular backup of my site, and I can't figure out where the heck all the wiki data is stored. (I was planning on just putting it all in a Word file and putting it back online via static pages, if nothing else.) Where does all the wiki data hide?

All the wiki data lives in the MySQL database it uses on the backend. If you only backed up the web directory you don't have the data that had been entered in your wiki. You will need the database backup for that. Some hosts back that up, others don't. My host backs up my DBs and I also use a script that emails me a gzipped copy of my DB (the DBs I do this with are pretty small...).

From the error message above though I think it might be more likely your DB is corrupted than that it was hacked. You might want to touch base with your host to see if they are having DB server issues. If they say no, then you will probably want to see if they do backup your MySQL databases.

 

[Whizbang Dustyboots]

You were correct. My host "smacked" the database and it all came back. Big relief to me!