How to recover from a hack

[Phife]

Can you recover from a hack? An admin's account was recently hacked and the hacker managed to delete user groups and a user.

Is there any way apart from manual backs ups to recover? I have stuff like the following in the logs

array(2) {
  ["redirect"] => string(43) "http://websitename/admin.php?user-groups/"
  ["execute"] => string(1) "1"
}

users/shock.2/delete
Generated By: Admin (31.215.205.188), Today at 5:20 PM
Request State
array(1) {
  ["_xfConfirm"] => string(1) "1"
}

 

[AndyB]

Restoring your database from a backup is the best way to go. Be sure to also do a File Health Check.

 

[Phife]

Is that the only way?

 

[Andrej]

Yes.

 

[Slavik]

If you don't have a backup of your database, then realistically, no, theres not much chance of a data restore.

 

[W1zzard]

Is there any way a hacker can change files on the filesystem using only admincp access?

 

[Sheratan]

Is there any way a hacker can change files on the filesystem using only admincp access?

If you are using same password for admincp and root server, then yes.

I advice everyone to use a different password for root server, admin server, xenforo admin account, database root, and xenforo database. And use a strong password combination.

 

[W1zzard]

If you are using same password for admincp and root server, then yes.

"only admincp"

 

[Jeremy]

If you have add-ons that provide access to the file server, yes, other wise, it is entirely possible that the hack included server access and you haven't realized it.