XF 1.4 IMMDEIATE HELP!

Rum Runner Entertainment

Rum Runner Entertainment

Active member
Someone was able to get into the admin panel of my forums and now is deleting everything.

Is there a way to protect this from happening andy I've also backed up everything on a hardirve? Please help.

Thank you,
Oren Segal
 
Sort by date Sort by votes
Okay, somehow some of the accounts and the whole node tree was deleted.

Also, user groups were deleted. I've backed up everything lately, so is there a way to regain all of that information back regarding the CP user groups, node tree etc.?
 
Upvote 0 Downvote
It will restore the forum to the same state it was at when the backup was taken.

Any threads, posts or other content made since then will be lost.
 
Upvote 0 Downvote
Oren Segal said:
One of my administrator's accounts got 'hacked' and so that person immediately had access to the panel.
Click to expand...
How exactly was it 'hacked'? Are they using a password that is easily guessed? Are they using the same password as they use on other websites?

It's important that you determine exactly how this happened, or it could happen again. If that answer is Yes to either of the two questions above then you need to have serious words with all of your admins about security.
 
Upvote 0 Downvote
Martok said:
How exactly was it 'hacked'? Are they using a password that is easily guessed? Are they using the same password as they use on other websites?

It's important that you determine exactly how this happened, or it could happen again. If that answer is Yes to either of the two questions above then you need to have serious words with all of your admins about security.
Click to expand...
I'm not 100% sure on how that happened, but he managed to get into an account that had access to the panel, with a very little range of permissions so I'm thankful that no other 'damage' has been done besides what actually happened.

And yes, I agree. I shouldn't have left that account as an administrator because it was unnecessary and was barely being used.
 
Upvote 0 Downvote
I would suggest you not give public accounts admin access if you can't count on them using security best practices like not reusing passwords or choosing good ones.

Another thing you might want to do is deny access to admin.php to all but localhost/127.0.0.1 (in apache/.htaccess config) and then use an ssh tunnel to access the admin.php page from the server via the tunnel. That will allow you to restrict access to only those with ssh access. Accessing admin.php from the Internet should result in a 403 Forbidden response. You can find specific instructions with google.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

maethlin
  • Question Question
XF 2.3 Oh man, completely borked my site trying to do an upgrade (by accident) :( Can anyone help?
Replies
4
Views
134
Bubstar
Bubstar
nesterukroman77
  • Locked
Not a bug Help
Replies
1
Views
43
Jeremy P
Jeremy P
Bubstar
  • Question Question
XF 2.3 Blank(white) page after a successful upgrade to 2.3.3, help
Replies
7
Views
74
Bubstar
Bubstar
Hareon
  • Question Question
XF 2.3 Layout completely broken. Any help?
Replies
16
Views
140
Hareon
Hareon
RaPoRSuZDeLi
  • Solved
XF 2.3 Xenforo 2.3.3 forums Neat Display 3 columns side by side help
Replies
5
Views
133
RaPoRSuZDeLi
RaPoRSuZDeLi
Back
Top Bottom