Jump to content

attack to our forum


Recommended Posts

If you installed a backup you’ve also overwritten the admin login logs. So that information would be gone. There would also be information in the server access logs, but they are not easy to read. 

First thing you would need to do is of course change all admin passwords. And I checked what I think is your site and you do not have folder protection (e.g. htaccess) for your adminCP, nor have you renamed it. Anyone can access the ACP login page. That makes it rather easy for hackers. I would change that. 

Link to comment
Share on other sites

5 hours ago, Joy Rex said:

And enable Two Factor Authentication (I use the Google Authenticator) for the Admin CP as well.

^ This. We had an issue about a year ago where one of our Administrators had their passwords leaked (Which we found out on haveibeenpwned) if it wasn't for two-factor-authentication, they would have gotten into the ACP, it protected us, big time. Which is exactly why I force it to all staff with access to critical systems on my site.

We also ask them to make secure passwords now too. I recommend checking your password and your staff's email addresses against HaveIBeenPwned to see if there has ever been a breach with those emails - and change the passwords too, whilst you're at it.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...