1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.2 HELP! site hacked locked out of admin cp, unable to create a new admin or restore one

Discussion in 'XenForo Questions and Support' started by XxUnkn0wnxX, Nov 28, 2013.

Thread Status:
Not open for further replies.
  1. XxUnkn0wnxX

    XxUnkn0wnxX Active Member

    as the title says i am locked out of admin cp i cannot ad new admins in the admin panel so how do i bypass the admin panel? using phpmyadmin to create and add a super super admin without the use of admin cp?
     
  2. Tracy Perry

    Tracy Perry Well-Known Member

    Best bet is to create a ticket... I don't know if they will want to discuss that in an open forum area.
     
  3. Brogan

    Brogan XenForo Moderator Staff Member

    What do you mean the site has been hacked and you are locked out?

    What happens when you try to log in directly to the ACP?
     
  4. XxUnkn0wnxX

    XxUnkn0wnxX Active Member

    i some how got access back by restoring but what happened it say incorrect password in admincp login "admin.php" i am still having major issue's and my site is not the only one effected some rampaging hacker is killing most of the sites i know that are running xenforo with some kind of new exploit!
     
  5. XxUnkn0wnxX

    XxUnkn0wnxX Active Member

    i gain access then i loose it it is constant battle here, atm i am locking down my site blocking all access
     
  6. Brogan

    Brogan XenForo Moderator Staff Member

    There have been no reports of this.

    Do you have any proof?

    Are you on a shared server?
    Has a password been compromised?
    Do you have WordPress or anything else installed?
     
    Amaury, Adam Howard and bortrenamo like this.
  7. oman

    oman Well-Known Member

    What exploit? Care to explain?
     
  8. Slavik

    Slavik XenForo Moderator Staff Member

    Please don't make such absurd claims. This is most likely due to a comprimise at the host server or by using common passwords. Theres no current known XenForo exploits out there.
     
    Amaury and Adam Howard like this.
  9. XxUnkn0wnxX

    XxUnkn0wnxX Active Member

    Do you have any proof?
    Still gaining information about this since not just my site was effected but others 2

    Are you on a shared server?
    dedicated server
    Has a password been compromised?
    yes but i got access back via restore database
    Do you have WordPress or anything else installed?
    yes but has not been touched or compromised

    i have security with cloud flare pro plan with WAF fire wall all settings set to high/max security

    as for my passwords they are 32-64 characters long with symbols and random characters

    and my hosting is hostgator <-- i have not had any issues with there dedicated service and they have a custom firewall that keeps things in cheack nothing else has been compromised only directly to xenforo forum software that has been effected

    and yes i have reset all passwords within server cpanel, data base, ssh, ftp, xenforo admin passwords, wordpress admin passwords, locked every one out, <-- but i still lost access and had to restore again
     
  10. Brogan

    Brogan XenForo Moderator Staff Member

    So it was a compromised password?
     
  11. Slavik

    Slavik XenForo Moderator Staff Member

    This is my bet the source of your problem.
     
    Adam Howard likes this.
  12. borbole

    borbole Well-Known Member

    What damage was done to your forum precisely? Also can you please post the links to those sites that were hacked?

    As of this moment there is no known exploit(s) with xenforo. XenForo is the only forum software that there has never been a security issue with during its whole existence. If there was a new exploit that would cause hacking of xenforo forums en mass, trust me, we would have heard by now.

    That being said, did you contact your host to check the access logs and see what went down and how?

    Also another thing that I would advice you is to make a thorough check up of your server space for suspicious files and such.
     
    Last edited: Nov 28, 2013
    Adam Howard likes this.
  13. Dakis

    Dakis Well-Known Member

    So what are these "all other forums" that have been attacked/hacked? Let's see them, I assume they are no secret.
     
    Adam Howard likes this.
  14. XxUnkn0wnxX

    XxUnkn0wnxX Active Member

    well i have asked my hosting provider for the logs still no reply as they take there time

    sites that where effected that i know of:
    http://consolecrunch.org - they had to start for scratch as all there nodes where deleted and users, they back online now
    http://playmodz.fr/ - doesn't even load killed but was working b4 my site was attacked
    http://portalcentric.net - my site forum's have been locked down at the moment! -- my doing

    damages done to my site:
    forum_list trolled random images every where
    all registered users added to all groups such as super admin, vip, moderator ect...
    my admin account locked out password changed even though i locked every one out and i changed my pass b4 this happened (its like they can sniff who changes there passwords and intercept them)
    only i have access to admin cp now but still loosing it time to time and i checked ip address list and only mine is in there and i know it not my problem cozz i using mac osx operating system with extensive motetring so i would know if some 1 had access to my computer + this happend even if i wasn't on my computer and it was shut down

    @Slavik and how is wordpress the problem? it wasn't even effected and it is no where linked with xenforo, my word press is only for front page only i have access wp-admin and normal users cannot login cozz i took that out

    [​IMG]

    [​IMG]
     
  15. borbole

    borbole Well-Known Member

    Thanks for the links. Were those other forums hacked the same way like yours was?

    Till you hear from your host, it would be best imho to make a thorough check up of your server space for any suspicious file(s) and the likes.

    If I were you I would fill in a support ticket as well to your customer area here at xenforo so one of the staff can check/investigate this further/deeper.
     
  16. XxUnkn0wnxX

    XxUnkn0wnxX Active Member

    yes those other sites where hacked same/similar way not sure as i am still not sure how it was done but they lost more then i did

    i have not found any files changed or new files + i have sitelock - https://www.sitelock.com/ scanning my site every day no suspicious files detected.

    disk usage is still the same as i last saw it
     
  17. Slavik

    Slavik XenForo Moderator Staff Member

    I bet they used a wordpress exploit to gain shell access to your server, and did the damage from there.

    Just because "wordpress wasn't effected" doesn't mean its not the cause.

    If you want to send a ticket in with the root login details of your server, we can take a look and see if we can spot anything.

    However, in every single case weve ever investigated, the cause has never been XenForo.
     
    Adam Howard likes this.
  18. Dakis

    Dakis Well-Known Member

    In one of those forums, it says that one of the admins deleted all the nodes.

    None of the "hacking" bull we've been seeing in this thread.
     
    Adam Howard likes this.
  19. XxUnkn0wnxX

    XxUnkn0wnxX Active Member

    i have went through my logs no one got access via ssh only my ip is in the list and i can confirm i was on via ssh during the times i shows in the logs. though there have been many attempts but all failed
     
  20. borbole

    borbole Well-Known Member

    Do you have other forums/scripts installed in your server? Even for testing purposes or left over from before etc?
     
    Adam Howard likes this.
Thread Status:
Not open for further replies.

Share This Page