• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

SQL injection help and prevention

#1
So my website which uses xenforo has been a target of heavy attacks for the last 3 weeks. I guess a hacker group has sworn to take my site down and will not stop until we are gone. I got the following message from our "friends" that they will be now using a SQL injection attack in 2 days and posted some issues and flaws with xenforo. Unfortunately I have no idea to prevent this and what to do to beef up security. Also how to fix the issues stated by these hackers...Any ideas or documents I can start reading up?
 

Attachments

Jake Bunce

XenForo moderator
Staff member
#4
Please post the full URLs from that screenshot, or PM me. I will investigate each of the injection claims. But I suspect they are bogus.

There are no known vulnerabilities in the current software. Of course I can't speak for third party addons.
 
#5
Yes I am running on 1.3 right now, and I attached the following add-ons. I am most likely going to disable it all but XenPortal (unfortunately it will change the site too much) and block file uploads as I know these people are more then capable on doing what they say if they find any holes. That picture they gave me unfortunately was just a screenshot and I don't have the full links... We just blocked all SSH access to start but looking for other security methods we can do.
 

Attachments