XF 1.2 HELP! site hacked locked out of admin cp, unable to create a new admin or restore one

as the title says i am locked out of admin cp i cannot ad new admins in the admin panel so how do i bypass the admin panel? using phpmyadmin to create and add a super super admin without the use of admin cp?

 

Best bet is to create a ticket... I don't know if they will want to discuss that in an open forum area.

 

i some how got access back by restoring but what happened it say incorrect password in admincp login "admin.php" i am still having major issue's and my site is not the only one effected some rampaging hacker is killing most of the sites i know that are running xenforo with some kind of new exploit!

 

i gain access then i loose it it is constant battle here, atm i am locking down my site blocking all access

 

What exploit? Care to explain?

 

Do you have any proof?
Still gaining information about this since not just my site was effected but others 2

Are you on a shared server?
dedicated server
Has a password been compromised?
yes but i got access back via restore database
Do you have WordPress or anything else installed?
yes but has not been touched or compromised

i have security with cloud flare pro plan with WAF fire wall all settings set to high/max security

as for my passwords they are 32-64 characters long with symbols and random characters

and my hosting is hostgator <-- i have not had any issues with there dedicated service and they have a custom firewall that keeps things in cheack nothing else has been compromised only directly to xenforo forum software that has been effected

and yes i have reset all passwords within server cpanel, data base, ssh, ftp, xenforo admin passwords, wordpress admin passwords, locked every one out, <-- but i still lost access and had to restore again

 

What damage was done to your forum precisely? Also can you please post the links to those sites that were hacked?

As of this moment there is no known exploit(s) with xenforo. XenForo is the only forum software that there has never been a security issue with during its whole existence. If there was a new exploit that would cause hacking of xenforo forums en mass, trust me, we would have heard by now.

That being said, did you contact your host to check the access logs and see what went down and how?

Also another thing that I would advice you is to make a thorough check up of your server space for suspicious files and such.

 

So what are these "all other forums" that have been attacked/hacked? Let's see them, I assume they are no secret.

 

well i have asked my hosting provider for the logs still no reply as they take there time

sites that where effected that i know of:
http://consolecrunch.org - they had to start for scratch as all there nodes where deleted and users, they back online now
http://playmodz.fr/ - doesn't even load killed but was working b4 my site was attacked
http://portalcentric.net - my site forum's have been locked down at the moment! -- my doing

damages done to my site:
forum_list trolled random images every where
all registered users added to all groups such as super admin, vip, moderator ect...
my admin account locked out password changed even though i locked every one out and i changed my pass b4 this happened (its like they can sniff who changes there passwords and intercept them)
only i have access to admin cp now but still loosing it time to time and i checked ip address list and only mine is in there and i know it not my problem cozz i using mac osx operating system with extensive motetring so i would know if some 1 had access to my computer + this happend even if i wasn't on my computer and it was shut down

@Slavik and how is wordpress the problem? it wasn't even effected and it is no where linked with xenforo, my word press is only for front page only i have access wp-admin and normal users cannot login cozz i took that out

 

Thanks for the links. Were those other forums hacked the same way like yours was?

Till you hear from your host, it would be best imho to make a thorough check up of your server space for any suspicious file(s) and the likes.

If I were you I would fill in a support ticket as well to your customer area here at xenforo so one of the staff can check/investigate this further/deeper.

 

yes those other sites where hacked same/similar way not sure as i am still not sure how it was done but they lost more then i did

i have not found any files changed or new files + i have sitelock - https://www.sitelock.com/ scanning my site every day no suspicious files detected.

disk usage is still the same as i last saw it

 

In one of those forums, it says that one of the admins deleted all the nodes.

None of the "hacking" bull we've been seeing in this thread.

 

i have went through my logs no one got access via ssh only my ip is in the list and i can confirm i was on via ssh during the times i shows in the logs. though there have been many attempts but all failed

 

Do you have other forums/scripts installed in your server? Even for testing purposes or left over from before etc?