Discussion in 'Forum Management' started by billybatz9, Sep 21, 2013.
I am seeing a number of vB sites being hacked... has anyones xenforo website been hacked before?
xF has only ever had a couple of exploits caused by xF directly, so I doubt you'll see anyone get hacked unless its their fault/an exploit in an addon.
Or a server misconfiguration or being outdated on it's updates.
or shared hosting and someone else gets hacked.
Yeah there is quite a few ways, but directly from xF you're probably not gonna run into any issues.
There has never been a direct exploit caused by XenForo's code.
The only issue was with the SWF upload 3rd party code, which, Mike patched immediately after being alerted to the issue (and incidentally I think was the first person to fix it in any software?). I also believe, that no XenForo board was actually comprimised via this route either due to how quickly the patch was deployed.
All other XenForo-related "hackings" have been down to poorly coded addons, or comprimises of the hosting (be this vps, dedicated or shared)
Oh I could have sworn there was one or two exploits with xenforo in the past. Even better.
There have been a lot of hackings on vBulletin lately, but they are completely avoidable by removing the install directory from the server, which people should do, anyway, after upgrading.
We've sadly been hacked multiple times. The worst of it was because of a vulnerability in our server (which has since been patched up), but several times it was through security holes in vB4. There was one that basically enabled you to steal the admin login through the social groups... I'm pretty sure it's still there & there are still videos on YouTube showing you how to do it. I was following Xenforo for a while before the exploit become known to me, but it's what prompted me to get active about transferring to Xenforo.
We haven't had any problems since.
Using XenForo? = NO.
I did have my forum hacked by some douche who signed up as the hacker. I got back onto the forum and changed his settings and then banned him and as well as that I sent his IP address off to his isp.
Several times when I was using vBulletin 4 on URLJet. I'm using Xenforo on KnownHost now... so far, so good.
Separate names with a comma.