XF 1.4 IMMDEIATE HELP!

Rum Runner Entertainment

Rum Runner Entertainment

Active member
Someone was able to get into the admin panel of my forums and now is deleting everything.

Is there a way to protect this from happening andy I've also backed up everything on a hardirve? Please help.

Thank you,
Oren Segal
 
Sort by date Sort by votes
Upvote 0 Downvote
Martok said:
If you don't know then you haven't. I'm correct too, just checked. You should upgrade XenForo to the latest version too. ;)

It's very easy to do, here's the resource on how to do this.

https://xenforo.com/community/resou...and-the-install-directory-using-htaccess.353/
Click to expand...

Well, Nights, like many others, took the lazy way out and just installed the patch. :p

But yeah, I'll let him know of this (thanks!), though we've actually never had problems, fortunately. We were hacked once back on vBulletin, but it wasn't anything major and it was from an admin that betrayed us.
 
Upvote 0 Downvote
The files don't really matter unless the administrator had access to your files, which is essentially being a super administrator and very bad practice.

You need to restore your MySQL database. That's where all the users etc are stored, not in your files. I recommend closing your board during the process.
 
Upvote 0 Downvote
Robust said:
I use that, the obvious admin username and pass, htpasswd and an IP whitelist. Four layers you can assume.
Click to expand...
I used to use .htpasswd but more hassle than worth it for me. Can't use an IP Whitelist since I don't always log in from set IP's (sometimes the iPad on cellular or frequently from some clients if something is going on). Biggest thing was remembering to put the GA app on my two phones and set the authentication up at the same time.
 
Upvote 0 Downvote
Tracy Perry said:
I used to use .htpasswd but more hassle than worth it for me. Can't use an IP Whitelist since I don't always log in from set IP's (sometimes the iPad on cellular or frequently from some clients if something is going on). Biggest thing was remembering to put the GA app on my two phones and set the authentication up at the same time.
Click to expand...
I keep mine in /etc/nginx/pass and I have a unique one for access roles, and I make sure it's completely unique and has nothing to do with the person themselves, but something they'll easily remember. Dog name, girlfriend name, etc for username and password anything harder related to that. Slightly strange but I think it's pretty sweet.

As for ips, my partner is dynamic and personally I'm out and about a lot. I usually whitelist ranges in CIDR format, better than allowing everything huh.

GA for admin panel does get a tad annoying sometimes, but I don't really make any administrator use it, it's just optional for someone. I think it'd be overkill if I forced it on people, especially when you access the admin panel a lot.
 
Upvote 0 Downvote
Robust said:
The files don't really matter unless the administrator had access to your files, which is essentially being a super administrator and very bad practice.

You need to restore your MySQL database. That's where all the users etc are stored, not in your files. I recommend closing your board during the process.
Click to expand...
Wait, so things like user groups, deleted members, node tree etc. is in the SQL database?

So I need to upload that? What if I don't have a backup of that? Then all of that would be lost then??
 
Upvote 0 Downvote
Oren Segal said:
Wait, so things like user groups, deleted members, node tree etc. is in the SQL database?

So I need to upload that? What if I don't have a backup of that? Then all of that would be lost then??
Click to expand...
You're correct.

If you use shared hosting your host may have a copy of it. I know a lot of hosts use things like rdsoft and take perhaps daily backups or so of the files and keep them for a limited time before deleting.
 
Upvote 0 Downvote
Robust said:
You're correct.

If you use shared hosting your host may have a copy of it. I know a lot of hosts use things like rdsoft and take perhaps daily backups or so of the files and keep them for a limited time before deleting.
Click to expand...
Ah okay because I don't have a copy of it at all. So I hope GoDaddy has a copy of a recent backup. If they don't then.. I don't know.
 
Upvote 0 Downvote
Oren Segal said:
Ah okay because I don't have a copy of it at all. So I hope GoDaddy has a copy of a recent backup. If they don't then.. I don't know.
Click to expand...
If they don't, and you didn't export the DB via phpmyadmin - you have lost that data/info.
Good lesson to learn... back up regularly. Don't depend on your host to do it for you.
To often the hosts backups are bad and then you are screwed.
Let this be a learning lesson about user/owner performed backups. That's the only way you can be sure it's done (and done correctly because you can test it).
 
Upvote 0 Downvote
Tracy Perry said:
If they don't, and you didn't export the DB via phpmyadmin - you have lost that data/info.
Good lesson to learn... back up regularly. Don't depend on your host to do it for you.
To often the hosts backups are bad and then you are screwed.
Let this be a learning lesson about user/owner performed backups. That's the only way you can be sure it's done (and done correctly because you can test it).
Click to expand...
Yes, I've learned, but I never thought I would need that data though.

Ehh, if I can't get it, I will just close my forums down, there's no use. I've put a years' work into that and just having it being taken away just really takes the pressure off of my shoulders. Obviously I could use my license towards something else worth my wild, but I've learned my lesson.

I will re-post if I retrieve the data.

Thanks :)
 
Upvote 0 Downvote
Godaddy may have a backup, it may be corrupted in parts (they don't lock tables ofc) but I'm sure it can be fixed as long as you've got the basic amount of information. Try them, but I'm not sure if it'd be of use. You should be taking weekly backups as an administrator, so this is kinda a lesson for next time.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

M
  • Question Question
XF 2.2 Database Error after Disabling Domain Redirection
Replies
10
Views
360
Matthew Hutchinson
M
P
  • Question Question
XF 2.2 post border and appropriate rank oscillation? I don't know
Replies
3
Views
266
stellaethra
stellaethra
Olecoot
  • Question Question
XF 2.2 importing steps
Replies
5
Views
247
nevershutup
nevershutup
Dark_Riddles
  • Question Question
XF 2.2 Xenforo Install - Clean
Replies
3
Views
364
Korsch
Korsch
D
  • Question Question
RM 2.2 Backup and restore resources manager
Replies
0
Views
104
Dangerousdave26
D
Top Bottom