1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SQL injection help and prevention

Discussion in 'Troubleshooting and Problems' started by ChadTheDJ, Jul 3, 2012.

  1. ChadTheDJ

    ChadTheDJ Member

    So my website which uses xenforo has been a target of heavy attacks for the last 3 weeks. I guess a hacker group has sworn to take my site down and will not stop until we are gone. I got the following message from our "friends" that they will be now using a SQL injection attack in 2 days and posted some issues and flaws with xenforo. Unfortunately I have no idea to prevent this and what to do to beef up security. Also how to fix the issues stated by these hackers...Any ideas or documents I can start reading up?

    Attached Files:

  2. MattW

    MattW Well-Known Member

    There are no known security flaws in xenforo. Are you running the latest version of xenforo?
  3. Dinh Thanh

    Dinh Thanh Well-Known Member

    I think XF could not be injected by SQL.
    Which Add-on are you using?
  4. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Please post the full URLs from that screenshot, or PM me. I will investigate each of the injection claims. But I suspect they are bogus.

    There are no known vulnerabilities in the current software. Of course I can't speak for third party addons.
  5. ChadTheDJ

    ChadTheDJ Member

    Yes I am running on 1.3 right now, and I attached the following add-ons. I am most likely going to disable it all but XenPortal (unfortunately it will change the site too much) and block file uploads as I know these people are more then capable on doing what they say if they find any holes. That picture they gave me unfortunately was just a screenshot and I don't have the full links... We just blocked all SSH access to start but looking for other security methods we can do.

    Attached Files:

Share This Page