Unable to log in - Password reset not working

[ZorKas]

It's not a password compromise since the forum has been hacked.
To protect accounts:
In the SMF forum the administrator has the option to reset passwords. To reactivate the account you must enter the new password.
To do this you must first enter your email "REGISTRATION ORIGIN" to receive the reactivation link.
- In case the email is different from the original one, it is lost.
- In case the user profile e-mail is deleted, it is lost.
- In case the MySQL database is corrupted, it is lost.
- In the case where the MySQL database has been modified, it's lost
It should be understood that the Comodo forum works with the SMF application. This application has all the scripts under PHP associated with a MySql database which contains the IDs and passwords of the user accounts and other values.
All MySql databases must be backed up every day, preferably at night. This is an essential function because in case of a crash, there is no means of restoring if the dump is non-existent.

Just being curious... for what reason can't members login at the moment?
Is it another reason than that their passwords were being compromised?

[login9]

It's not a password compromise since the forum has been hacked.
To protect accounts:
In the SMF forum the administrator has the option to reset passwords. To reactivate the account you must enter the new password.
To do this you must first enter your email "REGISTRATION ORIGIN" to receive the reactivation link.
- In case the email is different from the original one, it is lost.
- In case the user profile e-mail is deleted, it is lost.
- In case the MySQL database is corrupted, it is lost.
- In the case where the MySQL database has been modified, it's lost
It should be understood that the Comodo forum works with the SMF application. This application has all the scripts under PHP associated with a MySql database which contains the IDs and passwords of the user accounts and other values.
All MySql databases must be backed up every day, preferably at night. This is an essential function because in case of a crash, there is no means of restoring if the dump is non-existent.

So is the case that no matter what I try to get  an email reset link my details are lost?

[CISfan]

It's not a password compromise since the forum has been hacked.
To protect accounts:
In the SMF forum the administrator has the option to reset passwords. To reactivate the account you must enter the new password.
To do this you must first enter your email "REGISTRATION ORIGIN" to receive the reactivation link.
- In case the email is different from the original one, it is lost.
- In case the user profile e-mail is deleted, it is lost.
- In case the MySQL database is corrupted, it is lost.
- In the case where the MySQL database has been modified, it's lost
It should be understood that the Comodo forum works with the SMF application. This application has all the scripts under PHP associated with a MySql database which contains the IDs and passwords of the user accounts and other values.
All MySql databases must be backed up every day, preferably at night. This is an essential function because in case of a crash, there is no means of restoring if the dump is non-existent.

Thank you for explaining, it clarifies a lot.

You mention that "In case the email is different from the original one, it is lost" does that also mean that once you make a typo (mistake) in entering the email when resetting the password and then retry to reset the password again but now entering the correct email it is then lost too? Or does the user profile survive when making a typo in entering the email? Sounds critical to me.

Maybe the above is not applicable at all when all MySql databases are restored from backup and all users can login again after resetting their passwords, I don't know that maybe this needs also some clarification.

[ZorKas]

So is the case that no matter what I try to get  an email reset link my details are lost?

As explained above
The user's login and password is stored in the SQL database (encrypted).
During the password reset request, the login/e-mail when opening the account is compared with those registered in the SQL database if it matches with the email entered for password reactivation, it's Ok, otherwise there is no reactivation.
If the base is damaged, it must be repaired, if this is not possible, it must be restored at the earliest possible date.

[ZorKas]

Thank you for explaining, it clarifies a lot.

You mention that "In case the email is different from the original one, it is lost" does that also mean that once you make a typo (mistake) in entering the email when resetting the password and then retry to reset the password again but now entering the correct email it is then lost too? Or does the user profile survive when making a typo in entering the email? Sounds critical to me.

Maybe the above is not applicable at all when all MySql databases are restored from backup and all users can login again after resetting their passwords, I don't know that maybe this needs also some clarification.

If you make a typing error, it is not serious, just correct it, but the referrer email must be in the SQL table to be validated.
Then, the script managing the sending of the email takes over.
It is possible that the procedure call under PHP in relation to the SQL database managing the reactivation is also defective, so it is the administrator who intervenes in this case.

[CISfan]

Is the MySql databases already restored from backup at this moment?

Besides the MySql databases backups are there also backups made / available of all the PHP scripts (and all other needed files) involved in running this forum? And are those backups restored as well as we speak?

[CISfan]

Hmmm, the forum almost looks like abandoned. Not much member activity and no new members today . . .

[EricJH]

Is the MySql databases already restored from backup at this moment?

Besides the MySql databases backups are there also backups made / available of all the PHP scripts (and all other needed files) involved in running this forum? And are those backups restored as well as we speak?

Zorkas is speaking from experience with his own website which also uses SMF software.

We haven't had any details from Comodo other than they are working on it. I am sorry I can't provide more information.. I'd love to know and share with you guys.

[ZorKas]

Is the MySql databases already restored from backup at this moment?

In this case it is a hacking of the MySql database where the user IDs containing the name (nickname), the email, the password, the IP
The password is coded SHA-1.
It is not interesting for the hacker to decipher the password (SHA-1) because it has been reset by the administrator.
Concerning IPs, many are dynamic so with change by the ISP periodically.
The only interest is the e-mails which often on a forum are only pseudonyms.
In the case of a database hack, you have to search the connection logs on the server to deduce the source, I think Comodo takes care of it to find the flaw, it takes time.
There is no point in rushing a restoration until safety is restored.
For the PHP language, like all programming, it has security updates that must be applied in relation to SMF, which has also undergone updates.
The PHP <=> MySql relationship needs to be upgraded on both sides to avoid hacking
Only administrators have the rights to access the configuration - repair - upgrade - backup of an SMF forum.

[CISfan]

Understandably that restoration takes time and that Comodo needs time to find the source of the attack so that they can investigate it further and hand it over to higher authorities.
Of course safety comes first, no need to rush things.

You say that "The only interest is the e-mails ..." can you elaborate on why this is valuable to the attacker?
I mean if they are not interested in deciphering the database passwords how would they make money from the database then?
They are after making money and without knowing the correct passwords they can't do anything with both the user profiles and their emails addresses.

[ZorKas]

What's the point ?
To know the emails, it allows to try to hack and to know the messages on the server where the mailbox is hosted.
The resale value for an attacker is the utility of the SQL database and its importance
The value is subject to the profile of the company and its employees, here it's not a bank or the white house so it's a lesser value.
It is above all the fact of inducing a piracy effect to reduce the value of the company that is most important, I think...

[Ploget]

Hacking a Security Company is 'usually' a challenge and gives them prestige for a start, but the sale of thousands / millions of valid email addresses is valuable in its own right . . . primarily for Phishing and spam attacks

It doesn't take many successful Phishing emails to make it very worthwhile. Run any of your old emails through here and it's quite an eye opener: https://haveibeenpwned.com/

I mean if they are not interested in deciphering the database passwords how would they make money from the database then?
They are after making money and without knowing the correct passwords they can't do anything with both the user profiles and their emails addresses.

[CISfan]

What's the point ?
To know the emails, it allows to try to hack and to know the messages on the server where the mailbox is hosted.
The resale value for an attacker is the utility of the SQL database and its importance
The value is subject to the profile of the company and its employees, here it's not a bank or the white house so it's a lesser value.
It is above all the fact of inducing a piracy effect to reduce the value of the company that is most important, I think...

Clear, understood.
Liked the comparison with a bank or a white house.

[CISfan]

Hacking a Security Company is 'usually' a challenge and gives them prestige for a start, but the sale of thousands / millions of valid email addresses is valuable in its own right . . . primarily for Phishing and spam attacks

Got it.

It doesn't take many successful Phishing emails to make it very worthwhile. Run any of your old emails through here and it's quite an eye opener: https://haveibeenpwned.com/

I've never cheched that site.
Does it report about web-email addresses only or also about ISP-email addresses?

[Ploget]

All emails

Does it report about web-email addresses only or also about ISP-email addresses?