attack to our forum

[chauffeursforum]

The last two days we had big problems that some person log in our system and change all the owners and Admins. So we have to back up hole system. Can somebody help us to find out how we can see who attack us ? It have to be a member from our forum

[opentype]

If you installed a backup you’ve also overwritten the admin login logs. So that information would be gone. There would also be information in the server access logs, but they are not easy to read. 

First thing you would need to do is of course change all admin passwords. And I checked what I think is your site and you do not have folder protection (e.g. htaccess) for your adminCP, nor have you renamed it. Anyone can access the ACP login page. That makes it rather easy for hackers. I would change that. 

[Joy Rex]

And enable Two Factor Authentication (I use the Google Authenticator) for the Admin CP as well.

[Tripp★]

5 hours ago, Joy Rex said:

And enable Two Factor Authentication (I use the Google Authenticator) for the Admin CP as well.

^ This. We had an issue about a year ago where one of our Administrators had their passwords leaked (Which we found out on haveibeenpwned) if it wasn't for two-factor-authentication, they would have gotten into the ACP, it protected us, big time. Which is exactly why I force it to all staff with access to critical systems on my site.

We also ask them to make secure passwords now too. I recommend checking your password and your staff's email addresses against HaveIBeenPwned to see if there has ever been a breach with those emails - and change the passwords too, whilst you're at it.