1. K

    Security Lock: User must contact admin 1.0.0

    This Add-on allows you to set a security lock on (compromised) users' accounts to contact the admin so access to the account cannot be regained automatically / without admin intervention. This could be useful if an account is compromised and used by automated software / spam bots. The Add-on also...
  2. D

    XF 2.2 XenForo Query?

    Hi, It's a long time since I've used XenForo, I've installed the latest version on my local PC to test it first... But once I put it on my website, after install are there any tips you guys can give me, such as do I need to delete the /install/ folder? and what about this file...
  3. PaulB

    PSA: ImageMagick information disclosure vulnerability CVE-2022-44268

    ImageMagick just released a patch for a serious information disclosure vulnerability. I haven't tested whether this affects XenForo, but it probably does. You should disable ImageMagick and use GD instead, if possible; ImageMagick is prone to serious vulnerabilities. If that isn't an option...
  4. N

    [DigitalPoint] Security & Passkeys - FRENCH translation

    nicodak submitted a new resource: [DigitalPoint] Security & Passkeys - FRENCH translation - French translation of the [DigitalPoint] Security & Passkeys add-on Read more about this resource...
  5. Ozzy47

    [DigitalPoint] Security & Passkeys - FRENCH translation

    French translation of the [DigitalPoint] Security & Passkeys add-on from @digitalpoint
  6. GameNet

    [NICK97] Recently Used Device - XF2 2.3.9 Patch Level 1

    Info(s): If you wanted to remote logout devices or blocked devices in xenforo 2.x. Now you can with this addon. It will include remote logout devices, blocked devices, email notification and current devices banner. Key Feature(s): Remote Logout or Blocked Devices Unblock Devices or Blocked...
  7. V

    Secure a trial

    Hi guys, anyone has an idea how to protect a trial version with the highest possible security against misuse? I thought about hwid but you can spoof it. There has to be a way to secure a trial against users using it over and over again by bypassing the lock. As I said, logging the ip, hwid or...
  8. J

    How is the security implemented

    We are planning to go with Xenforo, but security is important for us. Can you please describe how it is implemented? And is it secure from the point of view of XSS attacks? Thanks.
  9. enivid

    Fixed Restrict password request rate for registered users who currently have no password set.

    Currently (XF2.2.2), when a user doesn't have a password set for their account and requests a password via the "Password and security" page, they can send any number of requests without any restrictions. Of course, they can only flood their own email account in such a way, but this also...
  10. JasonBrody

    Content Security Policy (CSP) for XenForo 2.2

    Hi Everyone! Though there are several threads on this, I couldn't figure out any appropriate one for the latest XF 2.2 release. So, could anyone provide information on how to configure CSP with the latest XF? (For additional info: I'm using Cloudflare & AdSense.)
  11. Will Franco

    XF/Hosting Configurations

    How do you manage your XF community? Hosting, security measures, backup protocols, etc.. Current Setup 2,500 active users. Paid community. EC2 Instance, 2 vCPU 4GB RAM AWS Elasticsearch, 1 vCPU, 2GB RAM Cloudflare Security 2FA Administrators .htpassword file to password-protect admin.php...
  12. PaulB

    Minor security vulnerability

    Appears to affect all versions of 2.x; probably also affects 1.x. It's minor but can be a nuisance. What's the correct procedure for reporting details?
  13. K

    [MMO] Security Permission 2.2.0

    The add-on adds new rights to the account security page. New permission: Can change password Can change email Can enable tfa email Can disable tfa email Can enable tfa totp Can disable tfa totp Can enable tfa authy Can disable tfa authy
  14. Up4Deal

    Up4Deal - Make your Forum Great Again !

    Ladies and gentlemen, We present you a new service for and only for XenForo 2.x Our available services: Installation Service Securing your XenForo Add-on installations Installation theme Forum Creation We will soon propose : The creation of add-ons Importing forums to XenForo 2 You...
  15. jazz_aaf

    Unmaintained [Jazzaaf] xenAntiVirus 1.0.1

    Description: This add-on will check new attachments for viruses and malware code using's api. Features: Disable new attachments until marked clean. (on/off) Exclude File Types. Exclude User Groups. Use in Private Conversations. (on/off) Permission-based access to the report...
  16. Complete

    XF 2.0 2FA Does Not Send Email Code

    It does not send the code, the authentication app works but not the e-mail.
  17. Alpha1

    Lack of interest 'Copy' function to remove sensitive data(Security) and personal information (GDPR) from Server Error Report

    When you report a bug to xenforo or to a developers site, then you will often need to copy the server error report from the xenforo admin panel to the forum of the developer/xenforo. This report often contains personal information like IP address, email, username. It also contains sensitive...
  18. N

    XF 2.1 Is unmodified XenForo 2.1 safe for TLSv1.3 0-RTT?

    In particular, can we enable 0-RTT for all GET requests in core XenForo, even those with parameters? In other words, do you guarantee that all GET requests in XenForo are idempotent? (I understand that we must ourselves check all our add-ons are secure against replay attacks.) Thank you.
  19. nrep

    Lack of interest Add random hash to exported addon zips

    If you export an addon, it generates a zip file with a directory and filename that could easily be guessed (or known). This means that if an addon was exported on a live site, it would be possible for someone else to download without permission. Perhaps a random hash could be appended to the...
  20. C

    XF 2.0 File Health Check /install/index.php

    Hello there, So, this is the first time I have ever run into this issue. Typically I delete any install or upgrade folders from my server for security purposes. Out of the blue I get an email saying that some files were problematic. Those files are as follows: /install/index.php...