1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Someone hack my forum

Discussion in 'Troubleshooting and Problems' started by Roni, Apr 8, 2012.

  1. Roni

    Roni Member

    I have forum on xF engine.
    Someone change nicknames and edit threads, please help.
    www.urban-play.ru
     
  2. Vincent

    Vincent Well-Known Member

    Check the admin log, did someone hack into your account or if not, did he enter the database?
     
  3. Rob

    Rob Well-Known Member

    One of your admins? Weak passwords? Bad host?

    You provide so little information Im just guessing.
     
  4. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Can you still access the Admin CP? You should use that to change your admin password and also secure any other admin / mod accounts. Also check the logs to see which account was compromised:

    Admin CP -> Tools -> Admin Log

    Admin CP -> Tools -> Moderator Log

    Take measures to secure the compromised account (like changing their password).

    If you can't access the Admin CP then this query will allow you to reset the password for your admin account:

    http://xenforo.com/community/resources/password-reset-query.368/
     
    Roni and aiman.h.kallaf like this.
  5. Roni

    Roni Member

    I don't know. Well, he can use Admin CP

    I only from forum can use Admin CP, i change password, does not help

    add:

    Admin log did not show anything interesting

    May bee, hacker upload shell, how i can find shell?
     
  6. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    If the logs in the Admin CP don't show anything then you will have to consult with your host to examine the server logs for evidence of intrusion. Finding the point of entry can be difficult and tedious. Hopefully your host can help you with this.

    Once you have discovered the point of entry then you can take measures to secure your forum. For example, if your FTP login was compromised then you need to change that login.

    If the hacker did damage to your forum then you should consult with your host to restore a backup.
     
    Roni and aiman.h.kallaf like this.
  7. Roni

    Roni Member

    in threads this error:
    PHP:
    Template Errorsthread_view
    Illegal string offset 
    'thumbnailUrl' in /home/users2/r/roni/domains/urban-play.ru/library/XenForo/Template/Abstract.php(265) : eval()'d code, line 2015:
    2014: <li id="' 
    . (($__compilerVar73) ? ('AttachedFileTemplate') : ('attachment' htmlspecialchars($__compilerVar74['attachment_id']))) . '"
    2015:    class="AttachedFile ' 
    . (($__compilerVar74['thumbnailUrl']) ? ('AttachedImage') : ('')) . ' secondaryContent">
    2016:
    Illegal string offset '
    thumbnailUrl' in /home/users2/r/roni/domains/urban-play.ru/library/XenForo/Template/Abstract.php(265) : eval()'d codeline 2019:
    2018:        ';
    2019: if ($__compilerVar74['
    thumbnailUrl'])
    2020: {
    Illegal string offset '
    filename' in /home/users2/r/roni/domains/urban-play.ru/library/XenForo/Template/Abstract.php(265) : eval()'d codeline 2034:
    2033$__compilerVar75 .= '
    2034:            <!--<img src="' 
    XenForo_Template_Helper_Core::styleProperty('imagePath') . '/xenforo/widgets/page.png" alt="' htmlspecialchars($__compilerVar74['filename']) . '" />-->
    2035:            <span class="genericAttachment"></span>
    Illegal string offset '
    filename' in /home/users2/r/roni/domains/urban-play.ru/library/XenForo/Template/Abstract.php(265) : eval()'d codeline 2042:
    2041:    <div class="AttachmentText">
    2042:        <div class="Filename"><a href="' . XenForo_Template_Helper_Core::link('attachments', $__compilerVar74, array()) . '" target="_blank">' . htmlspecialchars($__compilerVar74['filename']) . '</a></div>
    2043:
     
  8. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    That's a problem with your templates. Try reverting the thread_view template in your Admin CP. Then visit /install and select the option to rebuild the master data. That should resolve any problems with that template.
     
    aiman.h.kallaf likes this.
  9. Roni

    Roni Member

    The problem is not resolved
     
  10. mrGTB

    mrGTB Well-Known Member

    Open and check these files for malicious code added: config.php and install-lock.php. That's what got code injected into before for me, might be worth checking those two files out, you never know to be on safe side?
     
    Roni likes this.
  11. Roni

    Roni Member

    Install-lock.php
    PHP:
    <?php header('Location: ../index.php'); /* Installed: Mon, 12 Mar 12 13:35:32 +0000 */
    Config.php
    PHP:
    <?php
     
    $config
    ['db']['host'] = 'localhost';
    $config['db']['port'] = '3306';
    $config['db']['username'] = '*******';
    $config['db']['password'] = '*******';
    $config['db']['dbname'] = '******';
     
     
    $config['superAdmins'] = '1';
    $config['debug'] = true;
     
  12. mrGTB

    mrGTB Well-Known Member

    Clean, nothing wrong with them. But see your running Debug Mode "Yes", thought I read that was not advised before unless running a forum in development mode only for testing things.
     
    Roni likes this.
  13. Roni

    Roni Member

    How i can clean this error, may bee visible clean...
     
  14. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Roni likes this.
  15. Roni

    Roni Member

Share This Page