1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to recover from a hack

Discussion in 'Troubleshooting and Problems' started by Phife, Jan 18, 2014.

  1. Phife

    Phife Member

    Can you recover from a hack? An admin's account was recently hacked and the hacker managed to delete user groups and a user.

    Is there any way apart from manual backs ups to recover? I have stuff like the following in the logs

    array(2) {
      ["redirect"] => string(43) "http://websitename/admin.php?user-groups/"
      ["execute"] => string(1) "1"
    Generated By: Admin (, Today at 5:20 PM
    Request State
    array(1) {
      ["_xfConfirm"] => string(1) "1"
  2. AndyB

    AndyB Well-Known Member

    Restoring your database from a backup is the best way to go. Be sure to also do a File Health Check.
  3. Phife

    Phife Member

    Is that the only way?
  4. Andrej

    Andrej Well-Known Member

  5. Slavik

    Slavik XenForo Moderator Staff Member

    If you don't have a backup of your database, then realistically, no, theres not much chance of a data restore.
  6. W1zzard

    W1zzard Well-Known Member

    Is there any way a hacker can change files on the filesystem using only admincp access?
  7. Sheratan

    Sheratan Well-Known Member

    If you are using same password for admincp and root server, then yes.

    I advice everyone to use a different password for root server, admin server, xenforo admin account, database root, and xenforo database. And use a strong password combination. :)
  8. W1zzard

    W1zzard Well-Known Member

    "only admincp"
  9. Jeremy

    Jeremy Well-Known Member

    If you have add-ons that provide access to the file server, yes, other wise, it is entirely possible that the hack included server access and you haven't realized it.

Share This Page