XF 1.5 Possible Security Issue

Discussion in 'Troubleshooting and Problems' started by M J Austwick, Feb 21, 2016.

  1. M J Austwick

    M J Austwick New Member


    I moved from vB5 to Xenforo recently and it has been a huge success, but yesterday a new user posted claiming to have been randomly logged in as two different users, one of whom is a mod.

    They posted proof that they had indeed had Moderator level access, so I'm happy that they aren't just lying for fun.

    It is possible that the specific mod account may have been compromised, but I need to rule out the possibility that they are telling the truth. I'm not using any add ons other than the Media pack.

    Any thoughts?

  2. ManagerJosh

    ManagerJosh Well-Known Member

    What usergroups are they a part of?
  3. M J Austwick

    M J Austwick New Member

    Registered Users originally, now temporarily Banned.
  4. ManagerJosh

    ManagerJosh Well-Known Member

    You may want to audit the Registered User Group Permissions AND his individual permissions too.
  5. Tracy Perry

    Tracy Perry Well-Known Member

    Since a VB5 import is not in core, you either did a double import or had a custom one done. If custom, contact whoever did it.
    Odds are it's a perm/group issue.
  6. M J Austwick

    M J Austwick New Member

    I've checked the permissions and can't see anything out of the ordinary. Before we opened after migration we got rid of all the extra user groups that came across and reduced it down to the bare minimum.

    The user in question was newly registered, so their access isn't a throwback to the migration, we've been running for quite a while with no problems.

    My guess is it is a compromised account, but have to check all the options.
  7. Mike

    Mike XenForo Developer Staff Member

    This is almost certainly caused by incorrect caching by your host or reverse proxy. I can see this happening explicitly in the response. Your forum is returning a 304 not modified response when I make requests to load pages, which isn't something XenForo does. (We send headers that should prevent proxies from caching this, but sometimes this is ignored.)

    I can see Sucuri/Cloudproxy involved, so that's probably the first place to check.
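
A header audit for the caching failure described in the post above, as an added example that is not part of the original thread: it checks a response, as received through the proxy, for signs that a shared cache may store or has already replayed a logged-in page. The function names, finding labels and sample headers are constructed for illustration.

```python
# Added example: audit response headers for shared-cache exposure of logged-in pages.
# Function names, finding labels and sample headers are constructed for illustration.

def parse_cache_control(value):
    """Parse a Cache-Control header value into {directive: argument}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"')
    return directives

def audit_response(status, headers, request_had_cookie):
    """Return findings for one response as seen by the client, through the proxy."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    findings = []
    # Only responses tied to a session (cookie sent or cookie set) are at risk.
    if not (request_had_cookie or "set-cookie" in h):
        return findings
    # 'private' and 'no-store' are the directives that forbid shared-cache storage;
    # without either, nothing in the headers stops a proxy from keeping the page.
    if "private" not in cc and "no-store" not in cc:
        findings.append("shared-cache-may-store")
        if "set-cookie" in h:
            # A stored Set-Cookie can hand one user's session to the next visitor.
            findings.append("set-cookie-on-storable-response")
    # An Age header implies the response came from a cache, not fresh from the origin.
    if "age" in h:
        findings.append("served-from-cache")
    # Per the thread, the application itself does not answer page loads with 304.
    if status == 304:
        findings.append("304-on-dynamic-page")
    return findings

# Constructed samples: origin-style headers vs. headers altered by an intermediary.
SAFE = {"Cache-Control": "private, no-cache, max-age=0",
        "Set-Cookie": "session=PLACEHOLDER; HttpOnly"}
REWRITTEN = {"Cache-Control": "public, max-age=600", "Age": "42",
             "Set-Cookie": "session=PLACEHOLDER; HttpOnly"}
REVALIDATED = {"Cache-Control": "max-age=600", "ETag": '"constructed"'}

if __name__ == "__main__":
    for name, status, hdrs in [("safe", 200, SAFE), ("rewritten", 200, REWRITTEN),
                               ("revalidated", 304, REVALIDATED)]:
        print(name, audit_response(status, hdrs, request_had_cookie=True))
```

Run it against headers captured while logged in, once through the proxy and once directly against the origin; findings that appear only on the proxied response point at the intermediary.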
  8. M J Austwick

    M J Austwick New Member

    Thanks for the help, it looks like the caching was the problem and that should be resolved now.

