Admin Panel

[yamikel]

both with the previous version and with this, someone is getting access to ACP and use the account of administrators, even if they are online to make certain misdeeds.

When this happens, you notice that the administrator in question is not doing anything inside the ACP, because it gives you a downtime. That means, it's as if they were not in the ACP. This gives me to think that they do it in other ways, either through a PHP Shell Script (I do not believe it this time), or by SQL injections, or by some exploit they use

or with a certain tool obtained on the internet (and that I think there should not be many problems to find it), or finally it is a Cross Site Scripting (XSS) vulnerability that has xenforo and that you have to do something specific to solve it ... OR God knows how many other possibilities have someone with access to the internet to download ****s to later believe hacker.

 

[Chris D]

Although we certainly wouldn't totally rule out some sort of security vulnerability, such reports have always turned out to be more simple explanations. Commonly it is insecure server setups, other vulnerable software on the server, poor admin passwords.

In the first instance, you will need to ensure everything above is as secure as it can be and monitor to see if there are any changes. Your or your host should also attempt to isolate the specific activity in logs, increasing the logging level as required, to give a better idea of their activity.

 

[spider]

Perhaps also you could consider pass and/or IP protecting the admin as well via a bit of .htaccess @yamikel ?

There is some information here although it is related to XF1 it should really apply to XF2 as well I expect: https://xenforo.com/community/resou...and-the-install-directory-using-htaccess.353/