XF 1.4 IMMDEIATE HELP!

Someone was able to get into the admin panel of my forums and now is deleting everything.

Is there a way to protect this from happening andy I've also backed up everything on a hardirve? Please help.

Thank you,
Oren Segal
 
Okay, somehow some of the accounts and the whole node tree was deleted.

Also, user groups were deleted. I've backed up everything lately, so is there a way to regain all of that information back regarding the CP user groups, node tree etc.?
 
It will restore the forum to the same state it was at when the backup was taken.

Any threads, posts or other content made since then will be lost.
 
One of my administrator's accounts got 'hacked' and so that person immediately had access to the panel.
How exactly was it 'hacked'? Are they using a password that is easily guessed? Are they using the same password as they use on other websites?

It's important that you determine exactly how this happened, or it could happen again. If that answer is Yes to either of the two questions above then you need to have serious words with all of your admins about security.
 
How exactly was it 'hacked'? Are they using a password that is easily guessed? Are they using the same password as they use on other websites?

It's important that you determine exactly how this happened, or it could happen again. If that answer is Yes to either of the two questions above then you need to have serious words with all of your admins about security.
I'm not 100% sure on how that happened, but he managed to get into an account that had access to the panel, with a very little range of permissions so I'm thankful that no other 'damage' has been done besides what actually happened.

And yes, I agree. I shouldn't have left that account as an administrator because it was unnecessary and was barely being used.
 
I would suggest you not give public accounts admin access if you can't count on them using security best practices like not reusing passwords or choosing good ones.

Another thing you might want to do is deny access to admin.php to all but localhost/127.0.0.1 (in apache/.htaccess config) and then use an ssh tunnel to access the admin.php page from the server via the tunnel. That will allow you to restrict access to only those with ssh access. Accessing admin.php from the Internet should result in a 403 Forbidden response. You can find specific instructions with google.
 
Top Bottom