XF 1.2 HELP! site hacked locked out of admin cp, unable to create a new admin or restore one
- Thread starter XxUnkn0wnxX
- Start date
- Status
Do you have any proof?
Still gaining information about this since not just my site was effected but others 2
Are you on a shared server?
dedicated server
Has a password been compromised?
yes but i got access back via restore database
Do you have WordPress or anything else installed?
yes but has not been touched or compromised
i have security with cloud flare pro plan with WAF fire wall all settings set to high/max security
as for my passwords they are 32-64 characters long with symbols and random characters
and my hosting is hostgator <-- i have not had any issues with there dedicated service and they have a custom firewall that keeps things in cheack nothing else has been compromised only directly to xenforo forum software that has been effected
and yes i have reset all passwords within server cpanel, data base, ssh, ftp, xenforo admin passwords, wordpress admin passwords, locked every one out, <-- but i still lost access and had to restore again
Still gaining information about this since not just my site was effected but others 2
Are you on a shared server?
dedicated server
Has a password been compromised?
yes but i got access back via restore database
Do you have WordPress or anything else installed?
yes but has not been touched or compromised
i have security with cloud flare pro plan with WAF fire wall all settings set to high/max security
as for my passwords they are 32-64 characters long with symbols and random characters
and my hosting is hostgator <-- i have not had any issues with there dedicated service and they have a custom firewall that keeps things in cheack nothing else has been compromised only directly to xenforo forum software that has been effected
and yes i have reset all passwords within server cpanel, data base, ssh, ftp, xenforo admin passwords, wordpress admin passwords, locked every one out, <-- but i still lost access and had to restore again
What damage was done to your forum precisely? Also can you please post the links to those sites that were hacked?
As of this moment there is no known exploit(s) with xenforo. XenForo is the only forum software that there has never been a security issue with during its whole existence. If there was a new exploit that would cause hacking of xenforo forums en mass, trust me, we would have heard by now.
That being said, did you contact your host to check the access logs and see what went down and how?
Also another thing that I would advice you is to make a thorough check up of your server space for suspicious files and such.
As of this moment there is no known exploit(s) with xenforo. XenForo is the only forum software that there has never been a security issue with during its whole existence. If there was a new exploit that would cause hacking of xenforo forums en mass, trust me, we would have heard by now.
That being said, did you contact your host to check the access logs and see what went down and how?
Also another thing that I would advice you is to make a thorough check up of your server space for suspicious files and such.
Last edited:
well i have asked my hosting provider for the logs still no reply as they take there time
sites that where effected that i know of:
http://consolecrunch.org - they had to start for scratch as all there nodes where deleted and users, they back online now
http://playmodz.fr/ - doesn't even load killed but was working b4 my site was attacked
http://portalcentric.net - my site forum's have been locked down at the moment! -- my doing
damages done to my site:
forum_list trolled random images every where
all registered users added to all groups such as super admin, vip, moderator ect...
my admin account locked out password changed even though i locked every one out and i changed my pass b4 this happened (its like they can sniff who changes there passwords and intercept them)
only i have access to admin cp now but still loosing it time to time and i checked ip address list and only mine is in there and i know it not my problem cozz i using mac osx operating system with extensive motetring so i would know if some 1 had access to my computer + this happend even if i wasn't on my computer and it was shut down
@Slavik and how is wordpress the problem? it wasn't even effected and it is no where linked with xenforo, my word press is only for front page only i have access wp-admin and normal users cannot login cozz i took that out
sites that where effected that i know of:
http://consolecrunch.org - they had to start for scratch as all there nodes where deleted and users, they back online now
http://playmodz.fr/ - doesn't even load killed but was working b4 my site was attacked
http://portalcentric.net - my site forum's have been locked down at the moment! -- my doing
damages done to my site:
forum_list trolled random images every where
all registered users added to all groups such as super admin, vip, moderator ect...
my admin account locked out password changed even though i locked every one out and i changed my pass b4 this happened (its like they can sniff who changes there passwords and intercept them)
only i have access to admin cp now but still loosing it time to time and i checked ip address list and only mine is in there and i know it not my problem cozz i using mac osx operating system with extensive motetring so i would know if some 1 had access to my computer + this happend even if i wasn't on my computer and it was shut down
@Slavik and how is wordpress the problem? it wasn't even effected and it is no where linked with xenforo, my word press is only for front page only i have access wp-admin and normal users cannot login cozz i took that out
Thanks for the links. Were those other forums hacked the same way like yours was?
Till you hear from your host, it would be best imho to make a thorough check up of your server space for any suspicious file(s) and the likes.
If I were you I would fill in a support ticket as well to your customer area here at xenforo so one of the staff can check/investigate this further/deeper.
Till you hear from your host, it would be best imho to make a thorough check up of your server space for any suspicious file(s) and the likes.
If I were you I would fill in a support ticket as well to your customer area here at xenforo so one of the staff can check/investigate this further/deeper.
yes those other sites where hacked same/similar way not sure as i am still not sure how it was done but they lost more then i did
i have not found any files changed or new files + i have sitelock - https://www.sitelock.com/ scanning my site every day no suspicious files detected.
disk usage is still the same as i last saw it
i have not found any files changed or new files + i have sitelock - https://www.sitelock.com/ scanning my site every day no suspicious files detected.
disk usage is still the same as i last saw it
I bet they used a wordpress exploit to gain shell access to your server, and did the damage from there.
Just because "wordpress wasn't effected" doesn't mean its not the cause.
If you want to send a ticket in with the root login details of your server, we can take a look and see if we can spot anything.
However, in every single case weve ever investigated, the cause has never been XenForo.
Just because "wordpress wasn't effected" doesn't mean its not the cause.
If you want to send a ticket in with the root login details of your server, we can take a look and see if we can spot anything.
However, in every single case weve ever investigated, the cause has never been XenForo.
- Status