XxUnkn0wnxX
Active member
as the title says i am locked out of admin cp i cannot ad new admins in the admin panel so how do i bypass the admin panel? using phpmyadmin to create and add a super super admin without the use of admin cp?
XF 1.2 HELP! site hacked locked out of admin cp, unable to create a new admin or restore one
- Thread starter XxUnkn0wnxX
- Start date
- Status
TPerry
Well-known member
Best bet is to create a ticket... I don't know if they will want to discuss that in an open forum area.
XxUnkn0wnxX
Active member
i some how got access back by restoring but what happened it say incorrect password in admincp login "admin.php" i am still having major issue's and my site is not the only one effected some rampaging hacker is killing most of the sites i know that are running xenforo with some kind of new exploit!
XxUnkn0wnxX
Active member
i gain access then i loose it it is constant battle here, atm i am locking down my site blocking all access
Please don't make such absurd claims. This is most likely due to a comprimise at the host server or by using common passwords. Theres no current known XenForo exploits out there.
XxUnkn0wnxX
Active member
Do you have any proof?
Still gaining information about this since not just my site was effected but others 2
Are you on a shared server?
dedicated server
Has a password been compromised?
yes but i got access back via restore database
Do you have WordPress or anything else installed?
yes but has not been touched or compromised
i have security with cloud flare pro plan with WAF fire wall all settings set to high/max security
as for my passwords they are 32-64 characters long with symbols and random characters
and my hosting is hostgator <-- i have not had any issues with there dedicated service and they have a custom firewall that keeps things in cheack nothing else has been compromised only directly to xenforo forum software that has been effected
and yes i have reset all passwords within server cpanel, data base, ssh, ftp, xenforo admin passwords, wordpress admin passwords, locked every one out, <-- but i still lost access and had to restore again
This is my bet the source of your problem.
What damage was done to your forum precisely? Also can you please post the links to those sites that were hacked?
As of this moment there is no known exploit(s) with xenforo. XenForo is the only forum software that there has never been a security issue with during its whole existence. If there was a new exploit that would cause hacking of xenforo forums en mass, trust me, we would have heard by now.
That being said, did you contact your host to check the access logs and see what went down and how?
Also another thing that I would advice you is to make a thorough check up of your server space for suspicious files and such.
Last edited:
XxUnkn0wnxX
Active member
well i have asked my hosting provider for the logs still no reply as they take there time
sites that where effected that i know of:
http://consolecrunch.org - they had to start for scratch as all there nodes where deleted and users, they back online now
http://playmodz.fr/ - doesn't even load killed but was working b4 my site was attacked
http://portalcentric.net - my site forum's have been locked down at the moment! -- my doing
damages done to my site:
forum_list trolled random images every where
all registered users added to all groups such as super admin, vip, moderator ect...
my admin account locked out password changed even though i locked every one out and i changed my pass b4 this happened (its like they can sniff who changes there passwords and intercept them)
only i have access to admin cp now but still loosing it time to time and i checked ip address list and only mine is in there and i know it not my problem cozz i using mac osx operating system with extensive motetring so i would know if some 1 had access to my computer + this happend even if i wasn't on my computer and it was shut down
@Slavik and how is wordpress the problem? it wasn't even effected and it is no where linked with xenforo, my word press is only for front page only i have access wp-admin and normal users cannot login cozz i took that out
Thanks for the links. Were those other forums hacked the same way like yours was?
Till you hear from your host, it would be best imho to make a thorough check up of your server space for any suspicious file(s) and the likes.
If I were you I would fill in a support ticket as well to your customer area here at xenforo so one of the staff can check/investigate this further/deeper.
XxUnkn0wnxX
Active member
yes those other sites where hacked same/similar way not sure as i am still not sure how it was done but they lost more then i did
i have not found any files changed or new files + i have sitelock - https://www.sitelock.com/ scanning my site every day no suspicious files detected.
disk usage is still the same as i last saw it
i have not found any files changed or new files + i have sitelock - https://www.sitelock.com/ scanning my site every day no suspicious files detected.
disk usage is still the same as i last saw it
I bet they used a wordpress exploit to gain shell access to your server, and did the damage from there.
Just because "wordpress wasn't effected" doesn't mean its not the cause.
If you want to send a ticket in with the root login details of your server, we can take a look and see if we can spot anything.
However, in every single case weve ever investigated, the cause has never been XenForo.
XxUnkn0wnxX
Active member
i have went through my logs no one got access via ssh only my ip is in the list and i can confirm i was on via ssh during the times i shows in the logs. though there have been many attempts but all failed
- Status
