1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.4 IMMDEIATE HELP!

Discussion in 'XenForo Questions and Support' started by Rum Runner Entertainment, Sep 21, 2014.

  1. Rum Runner Entertainment

    Rum Runner Entertainment Active Member

    Someone was able to get into the admin panel of my forums and now is deleting everything.

    Is there a way to protect this from happening andy I've also backed up everything on a hardirve? Please help.

    Thank you,
    Oren Segal
     
  2. AndyB

    AndyB Well-Known Member

    Log into your Admin CP and change your password.
     
    Erik P. likes this.
  3. Brogan

    Brogan XenForo Moderator Staff Member

    Demote the administrator responsible.

    Ensure all other administrators change their passwords.
     
  4. Rum Runner Entertainment

    Rum Runner Entertainment Active Member

    Okay, somehow some of the accounts and the whole node tree was deleted.

    Also, user groups were deleted. I've backed up everything lately, so is there a way to regain all of that information back regarding the CP user groups, node tree etc.?
     
  5. Rum Runner Entertainment

    Rum Runner Entertainment Active Member

    I've checked, and I found that one of my administrators' accounts got hacked it makes sense now.
     
  6. imthebest

    imthebest Formerly Super120

    If I were you, I'll just restore my most recent backup (both files and DB).
     
  7. Brogan

    Brogan XenForo Moderator Staff Member

    Not really.

    You will need to restore from a recent backup.
     
  8. Rum Runner Entertainment

    Rum Runner Entertainment Active Member

    Mhmm alright. Will that bring back deleted nodes and accounts etc.?
     
  9. Rum Runner Entertainment

    Rum Runner Entertainment Active Member

    Mhmm. That will bring back everything that was lost including members user groups etc.?
     
  10. Brogan

    Brogan XenForo Moderator Staff Member

    It will restore the forum to the same state it was at when the backup was taken.

    Any threads, posts or other content made since then will be lost.
     
  11. RoldanLT

    RoldanLT Well-Known Member

    How?
     
  12. Rum Runner Entertainment

    Rum Runner Entertainment Active Member

    One of my administrator's accounts got 'hacked' and so that person immediately had access to the panel. He deleted the complete node tree, a few members, user groups and the moderators. I could clearly see that the person that to into the account didn't know how to use the admin panel, but I found out via the admin logs.
     
  13. TDUBS

    TDUBS Active Member

  14. Rum Runner Entertainment

    Rum Runner Entertainment Active Member

    Yes, I know.
     
  15. Martok

    Martok Well-Known Member

    How exactly was it 'hacked'? Are they using a password that is easily guessed? Are they using the same password as they use on other websites?

    It's important that you determine exactly how this happened, or it could happen again. If that answer is Yes to either of the two questions above then you need to have serious words with all of your admins about security.
     
    Amaury likes this.
  16. Rum Runner Entertainment

    Rum Runner Entertainment Active Member

    I'm not 100% sure on how that happened, but he managed to get into an account that had access to the panel, with a very little range of permissions so I'm thankful that no other 'damage' has been done besides what actually happened.

    And yes, I agree. I shouldn't have left that account as an administrator because it was unnecessary and was barely being used.
     
  17. Amaury

    Amaury Well-Known Member

    Precisely why I did this at 1:18 AM in March 2013. (y)

    upload_2014-9-22_9-1-21.png
     
  18. Martok

    Martok Well-Known Member

    I hope you have password protected the ACP too and change the password for this on a regular basis.
     
  19. Erik P.

    Erik P. Member

    I would suggest you not give public accounts admin access if you can't count on them using security best practices like not reusing passwords or choosing good ones.

    Another thing you might want to do is deny access to admin.php to all but localhost/127.0.0.1 (in apache/.htaccess config) and then use an ssh tunnel to access the admin.php page from the server via the tunnel. That will allow you to restrict access to only those with ssh access. Accessing admin.php from the Internet should result in a 403 Forbidden response. You can find specific instructions with google.
     
    Andrej likes this.
  20. Amaury

    Amaury Well-Known Member

    I'm not sure, but I don't think so, though we've been fine, so...

    I'll have to check with @Nights as that would be his area of expertise.
     

Share This Page