chauffeursforum Posted August 6, 2019 Posted August 6, 2019 The last two days we had big problems that some person log in our system and change all the owners and Admins. So we have to back up hole system. Can somebody help us to find out how we can see who attack us ? It have to be a member from our forum
opentype Posted August 6, 2019 Posted August 6, 2019 If you installed a backup you’ve also overwritten the admin login logs. So that information would be gone. There would also be information in the server access logs, but they are not easy to read. First thing you would need to do is of course change all admin passwords. And I checked what I think is your site and you do not have folder protection (e.g. htaccess) for your adminCP, nor have you renamed it. Anyone can access the ACP login page. That makes it rather easy for hackers. I would change that.
Joy Rex Posted August 6, 2019 Posted August 6, 2019 And enable Two Factor Authentication (I use the Google Authenticator) for the Admin CP as well.
Tripp★ Posted August 7, 2019 Posted August 7, 2019 5 hours ago, Joy Rex said: And enable Two Factor Authentication (I use the Google Authenticator) for the Admin CP as well. ^ This. We had an issue about a year ago where one of our Administrators had their passwords leaked (Which we found out on haveibeenpwned) if it wasn't for two-factor-authentication, they would have gotten into the ACP, it protected us, big time. Which is exactly why I force it to all staff with access to critical systems on my site. We also ask them to make secure passwords now too. I recommend checking your password and your staff's email addresses against HaveIBeenPwned to see if there has ever been a breach with those emails - and change the passwords too, whilst you're at it.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.