XF 1.4 IMMDEIATE HELP!

Someone was able to get into the admin panel of my forums and now is deleting everything.

Is there a way to protect this from happening andy I've also backed up everything on a hardirve? Please help.

Thank you,
Oren Segal
 
Godaddy may have a backup, it may be corrupted in parts (they don't lock tables ofc) but I'm sure it can be fixed as long as you've got the basic amount of information. Try them, but I'm not sure if it'd be of use. You should be taking weekly backups as an administrator, so this is kinda a lesson for next time.
That is the thing though, if I have the SQL file with all the info needed, wouldn't I loose members since that backup was taken 2 months ago? Or would I not loose members? I just want to know, because it can affect a few things.
 
If they take backups every two months then I'm rather worried, I'd just not take backups at all. Weekly should be a maximum of you offer the service, and obviously prune things over two weeks or so.
 
Well, Nights, like many others, took the lazy way out and just installed the patch. :p

But yeah, I'll let him know of this (thanks!), though we've actually never had problems, fortunately. We were hacked once back on vBulletin, but it wasn't anything major and it was from an admin that betrayed us.

I was actually forced to use the patch seeing as my support has ended and the only way to extend it is to pay through paypal ... which apparently thinks I'm stealing from my own account.

The ACP is password protected per user. There is no set password. Whatever the admins password is that's what it is for the ACP. As long as nobody uses something dumb like 'password123' then we should be fine. If it ever imposes a serious threat, if we're ever looming over the precipice of being attacked, then I suggest at that point we start using password generators. Nothing is harder to hack than when your password is '!!$@%$##$%^^*@&^(@@^&^(#@)@%^&@**^(@(%)*@&Alpha'

I've never actually tested or bothered to lookup but there's probably a way to lockout the IP if a user tries more than 'x' amount of times. Considering my password is so long that I almost forget it ... I'm 95% sure that I'm secure, always leave margin for error. But I would just go with password generators. Use all the highest settings and then right the password down on a piece of flash paper and hide it in your desk under a secret panel that's rigged to detonate/destroy the paper if it's not opened properly. Make sure you're secure!
 
Top Bottom