paying someone to fix my broken xenforo forum (which was hacked)

Risa

Member
paying someone to fix my broken xenforo forum (which was hacked)
message me for cpanel username and password


the config files are correct, all the xenforo core files are there too, can't imagine what's wrong with it.
 

DarkGizmo

Well-known member
You can easily fix this yourself.

1) Change your server's user & password.
2) Keep only the config file, delete the other files and replace them with clean XenForo files to be safe.
3) Revert the database to a working backup prior to being hacked.
4) Update your XenForo installation to the latest build.
5) Change the admin password & possibly email address if needed.
 

Risa

Member
> You can easily fix this yourself.
>
> 1) Change your server's user & password.
> 2) Keep only the config file, delete the other files and replace them with clean XenForo files to be safe.
> 3) Revert the database to a working backup prior to being hacked.
> 4) Update your XenForo installation to the latest build.
> 5) Change the admin password & possibly email address if needed.

I did all that, but as you can see, the site is still plain white.
Also, I noticed that my Login was missing too.


I tried this and inputted my login info and it says user not found. Would you like to take a look inside?
 

Tracy Perry

Well-known member
If you want... I might have a few hours I can spare to take a look.
There are two ways to do it. One is you provide me with the credentials you have to get into your shared hosting. The other would be to install TeamViewer and I remote into your computer and YOU log into your cPanel without the need to share any credentials, and if any additional inputs are needed for logging into any other areas, you put that data in and then I take it from there.

Do you know if your MySQL DB username/password is the same?

If you haven't already gotten any assistance, just start a convo with me.
And if you are worried about a "stranger" getting into your system... there are plenty here that I've helped before that can vouch for me.
BTW... the "pay" for which I would charge would be ..... a simple "Thank You" and if you wanted to take it further, a small donation to a local pet rescue foundation.
 

Tracy Perry

Well-known member
Site is back up and running. Problem with the main site was the index.php did not pass the file check and had been modified. The DB password had also apparently been changed.
 

Risa

Member
> Site is back up and running. Problem with the main site was the index.php did not pass the file check and had been modified. The DB password had also apparently been changed.

THANK YOU for fixing the index.php file!

So there's this mass-hack that steals your cPanel password and goes around and changes all your PHP files to become spammy. And it becomes hard to find which ones they changed, since XenForo has lots of PHP files.


Anyway thanks!
that's everything :D
 

Tracy Perry

Well-known member
> THANK YOU for fixing the index.php file!
>
> So there's this mass-hack that steals your cPanel password and goes around and changes all your PHP files to become spammy. And it becomes hard to find which ones they changed, since XenForo has lots of PHP files.
>
> Anyway thanks!
> that's everything :D

Actually... that's what the file check is for... as of right now, all your files pass the file check.
Now, if you have some WordPress sites online, or even able to be accessed... I won't guarantee that those aren't at issue... but you should be fine with XF.
I'd suggest enabling 2FA everywhere you can though. I don't worry about it too much as for my server, you can't get into it unless you are coming in from 1 of 4 static IPs we have configured.
 

Brogan

XenForo moderator
Staff member
I would also check for any additional files the hacker may have installed on the server.
 

PatriotGB

Active member
Good to hear you got it fixed! That would be a nightmare for me. This was a reminder to improve the security on my forum. I just added 2-factor authentication for my cPanel and my ACP.
 

Tracy Perry

Well-known member
> I would also check for any additional files the hacker may have installed on the server.

Yeah... any "spare" directories/users and installs of WP or any other script that is NOT being used needs to be totally removed from the system.
Not the depth of pursuit that I was interested in chasing.... Just offered to get it back to running.
Personally.. if it was me... I'd do a fresh setup and import my old site into it.
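
The thread's two checks (which core files were changed, and which files were added) can also be run from outside the forum software by hashing the live web root against a freshly unpacked copy of the same release. The script below is an added example, not part of the thread and not XenForo's own file check; the function names, the script-extension list, the `expected_extra` parameter and the demo trees are all assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

SCRIPT_EXTS = {".php", ".phtml", ".phar"}  # assumption: extensions the server executes


def hash_tree(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_trees(clean_root, live_root, expected_extra=()):
    """Compare a live web root against a clean copy of the same release."""
    clean, live = hash_tree(Path(clean_root)), hash_tree(Path(live_root))
    extra = [f for f in live if f not in clean and f not in expected_extra]
    return {
        "modified": sorted(f for f in clean if f in live and live[f] != clean[f]),
        "missing": sorted(f for f in clean if f not in live),
        # Scripts that exist only on the live site: review each one by hand.
        "extra_scripts": sorted(f for f in extra if Path(f).suffix.lower() in SCRIPT_EXTS),
    }


def demo():
    """Build two small constructed trees and return the comparison report."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        files = {"index.php": "<?php // front controller\n",
                 "admin.php": "<?php // admin entry\n",
                 "js/app.js": "console.log('ok');\n"}
        for root in (clean, live):
            for rel, body in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(body)
        # Constructed tampering: one core file changed, one deleted, one script added.
        (live / "index.php").write_text("<?php // front controller\n// injected\n")
        (live / "admin.php").unlink()
        (live / "data").mkdir()
        (live / "data" / "cache.php").write_text("<?php // not in release\n")
        (live / "data" / "avatar.jpg").write_bytes(b"\xff\xd8")  # upload, not a script
        (live / "config.php").write_text("<?php // site config\n")
        return compare_trees(clean, live, expected_extra=("config.php",))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Run it against a downloaded backup of the site rather than on the compromised host, and pass the site's own config file in `expected_extra` so it is not reported.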
 