• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.5 Database Breach

#1
Hello,

I'm just going to dive right into this, earlier this evening we had our password database breached by a few "hackers." They've targeted multiple other websites, and the only major similarity we've had in common is that we seem to be using the same forum software. Now by no means am I trying to blame anything of this on xenForo, as I love their product, I'm just wondering what steps I should take at this point to secure my website. I have no clue how they did it, and I'd love some direction on where I should go from here.

Sincerely,
John
 

Brogan

XenForo moderator
Staff member
#3
You need to identify the point of entry.

Was it due to a compromised account/password?
Other software on the server?
Another account on the server (if using shared hosting)?
An add-on?
Some other means?

We're not aware of any exploits in the current version of XF which would allow someone to hack their way in to obtain the DB password.