Recent content by m0n0L1th1c

I'm not seeing a way to enable two-step authentication via my Account preferences. The option seems to be missing in the sidebar. Am I missing something?

Restore is still on-going but these are the add-ons:

I'll check the add-ons once the site has been restored.

There are about 5-6 other DBs on that account and there is another, separate Xenforo install in a different subdirectory for a completely different aspect of the organization. None of those were touched. That other Xenforo install is less than a month old, has 3 members total, is a new project...

They do host a WordPress site (I did not install it) under the same hosting account, but different domain name. The WordPress site is in a sub-directory and the Xenforo forums are in a different sub-directory. Both have unique domain names and are not pointing to one another due to them being...

cPanel wasn't compromised. Database for this xenforo install also used brand-new login credentials. Only one user for this database was created and it was a unique never-before-used username and never-before-used password.

Site is getting restored via the web host as we speak so can't do forensics analysis. But I completely agree with you that it could be misdirection. Absolutely could be that. Again, I'm just trying to find out what happened and make sure it doesn't happen again. Definitely going to use...

I am absolutely not trying to insinuate anything. I'm just trying to figure out how the client's site got hacked and prevent the same exploit from being used again. I'm hoping that this might help Xenforo and anyone else as well, in the event there is an undisclosed SQL Injection...

This is a screenshot from the xf_user table stating it was hacked via sql injection - 0day.

It was a legitimate Xenforo (I oversaw the purchase of the software) install from scratch on a new MySQL database with never-before-used username/password on a Hostgator Linux hosting account. This client does things by-the-book and would not mess around with pirated software.

My thoughts exactly. Already in the process of the above recommendations. Just wanted to know what this Xenforo Console Exploit Kit was and if it was legit and who this person who calls them self a "XenForo-Security Developer", really is.

As I'm not involved in day-to-day ops of this site, I don't know the full specifics, however a client's Xenforo was hacked. This is the screenshot of their site: Just for ****s and giggles, I googled "Samet Chan" and this is what I saw. Note the "Xenforo security Developer | Xenforo Console...

Hello All – Is there a way to export Custom User Field data to CSV, email or whatever? Let's say we create custom user fields such as: Club Name, Club Address, Club Web Page, Club Membership ID. #, etc. Is there a way to capture and export that data to CSV or some sort of list or email, or...

That did it. Many thanks! M.

At the top of the index page of our forums, Xenforo Media Gallery is displaying a row of photos. That row is titled "New Media". I'd like to change it to something else, specifically one of the category names. How do I do this? I'm assuming it's in one of the template files? Thanks, M.