Someone hack my forum


Well-known member
One of your admins? Weak passwords? Bad host?

You provide so little information Im just guessing.

Jake Bunce

XenForo moderator
Staff member
Can you still access the Admin CP? You should use that to change your admin password and also secure any other admin / mod accounts. Also check the logs to see which account was compromised:

Admin CP -> Tools -> Admin Log

Admin CP -> Tools -> Moderator Log

Take measures to secure the compromised account (like changing their password).

If you can't access the Admin CP then this query will allow you to reset the password for your admin account:
Check the admin log, did someone hack into your account or if not, did he enter the database?
I don't know. Well, he can use Admin CP

I only from forum can use Admin CP, i change password, does not help


Admin log did not show anything interesting

May bee, hacker upload shell, how i can find shell?

Jake Bunce

XenForo moderator
Staff member
If the logs in the Admin CP don't show anything then you will have to consult with your host to examine the server logs for evidence of intrusion. Finding the point of entry can be difficult and tedious. Hopefully your host can help you with this.

Once you have discovered the point of entry then you can take measures to secure your forum. For example, if your FTP login was compromised then you need to change that login.

If the hacker did damage to your forum then you should consult with your host to restore a backup.
in threads this error:
Template Errors: thread_view
Illegal string offset 'thumbnailUrl' in /home/users2/r/roni/domains/ : eval()'d code, line 2015:
2014: <li id="' . (($__compilerVar73) ? ('AttachedFileTemplate') : ('attachment' . htmlspecialchars($__compilerVar74['attachment_id']))) . '"
2015:    class="AttachedFile ' . (($__compilerVar74['thumbnailUrl']) ? ('AttachedImage') : ('')) . ' secondaryContent">
Illegal string offset 'thumbnailUrl' in /home/users2/r/roni/domains/ : eval()'d code, line 2019:
2018:        ';
2019: if ($__compilerVar74['thumbnailUrl'])
2020: {
Illegal string offset 'filename' in /home/users2/r/roni/domains/ : eval()'d code, line 2034:
2033: $__compilerVar75 .= '
2034:            <!--<img src="' . XenForo_Template_Helper_Core::styleProperty('imagePath') . '/xenforo/widgets/page.png" alt="' . htmlspecialchars($__compilerVar74['filename']) . '" />-->
2035:            <span class="genericAttachment"></span>
Illegal string offset 'filename' in /home/users2/r/roni/domains/ : eval()'d code, line 2042:
2041:    <div class="AttachmentText">
2042:        <div class="Filename"><a href="' . XenForo_Template_Helper_Core::link('attachments', $__compilerVar74, array()) . '" target="_blank">' . htmlspecialchars($__compilerVar74['filename']) . '</a></div>

Jake Bunce

XenForo moderator
Staff member
That's a problem with your templates. Try reverting the thread_view template in your Admin CP. Then visit /install and select the option to rebuild the master data. That should resolve any problems with that template.


Well-known member
Open and check these files for malicious code added: config.php and install-lock.php. That's what got code injected into before for me, might be worth checking those two files out, you never know to be on safe side?
<?php header('Location: ../index.php'); /* Installed: Mon, 12 Mar 12 13:35:32 +0000 */
$config['db']['host'] = 'localhost';
$config['db']['port'] = '3306';
$config['db']['username'] = '*******';
$config['db']['password'] = '*******';
$config['db']['dbname'] = '******';
$config['superAdmins'] = '1';
$config['debug'] = true;


Well-known member
Clean, nothing wrong with them. But see your running Debug Mode "Yes", thought I read that was not advised before unless running a forum in development mode only for testing things.