Lauren3 Posted June 14, 2022 Share Posted June 14, 2022 Hi, Our board has been hacked. I have restored files and it works but I'm unable to access to CP because 2FA doesn't work. How can I disable it? Link to comment Share on other sites More sharing options...
Nathan Explosion Posted June 14, 2022 Share Posted June 14, 2022 DISABLE_MFA Marc 1 Link to comment Share on other sites More sharing options...
Solution Marc Posted June 14, 2022 Solution Share Posted June 14, 2022 As mentioned above, you would need to create a constants.php file. You would create this in the root of your community installation, and add the following <?php define('DISABLE_MFA',TRUE); Remember to remove this line once you have got in there and reset anything you need Link to comment Share on other sites More sharing options...
Lauren3 Posted June 14, 2022 Author Share Posted June 14, 2022 Thanks, it dosn't show up but now it returns on login page, with no error message Link to comment Share on other sites More sharing options...
Marc Posted June 14, 2022 Share Posted June 14, 2022 Just now, Lauren3 said: Thanks, it dosn't show up but now it returns on login page, with no error message If the line above has been added, it will not show up on the login page. You would need to check what you have added Link to comment Share on other sites More sharing options...
Lauren3 Posted June 14, 2022 Author Share Posted June 14, 2022 2 minutes ago, Marc Stridgen said: If the line above has been added, it will not show up on the login page. You would need to check what you have added ?php define('DISABLE_MFA',TRUE); Stuck on login page, no error displayed Link to comment Share on other sites More sharing options...
Lauren3 Posted June 14, 2022 Author Share Posted June 14, 2022 OK, solved that issue by using private navigation, probably cookie related. Thanks! Link to comment Share on other sites More sharing options...
Marc Posted June 14, 2022 Share Posted June 14, 2022 No problem. That being the case, clear your browser cache and you should be good to go Lauren3 1 Link to comment Share on other sites More sharing options...
beats23 Posted June 14, 2022 Share Posted June 14, 2022 Just curious. Can you tell how the hackers got access to your website, was it through the ACP or other route? Link to comment Share on other sites More sharing options...
Lauren3 Posted June 14, 2022 Author Share Posted June 14, 2022 2 hours ago, beats23 said: Just curious. Can you tell how the hackers got access to your website, was it through the ACP or other route? I don't know exactly, it's been a week that I'va got some hacked files replacing the original ones in the root dir. This night they have been erased. I've got this issue on Wordpress too, but there are some tools that can be run and prevent this to happen again, but unfortunately those tools are not available on IPB beats23 1 Link to comment Share on other sites More sharing options...
Marc Posted June 14, 2022 Share Posted June 14, 2022 You really need to contact your hosting company to reenforce your security on the server there, and you should be replacing all passwords that can access your server in any way, such as FTP, MySQL, SSH etc. If its happening on multiple software, it seems the issue is your server rather than software Lauren3 1 Link to comment Share on other sites More sharing options...
Randy Calvert Posted June 14, 2022 Share Posted June 14, 2022 5 hours ago, Lauren3 said: I don't know exactly, it's been a week that I'va got some hacked files replacing the original ones in the root dir. This night they have been erased. I've got this issue on Wordpress too, but there are some tools that can be run and prevent this to happen again, but unfortunately those tools are not available on IPB Just so you're aware.... those tools don't fix underlying server issues such as weak FTP passwords or poor database configurations, etc. If you have not done, so, change passwords for EVERYTHING.... FTP, mail, mySQL, any sort of web-management portal, etc. Then look at ensuring any software program you use on your site (IPB, Wordpress, or anything else) is updated. Finally look at using a cloud WAF such as Cloudflare to help improve your overall security posture. Link to comment Share on other sites More sharing options...
Lauren3 Posted June 15, 2022 Author Share Posted June 15, 2022 On 6/14/2022 at 11:13 AM, Marc Stridgen said: You really need to contact your hosting company to reenforce your security on the server there, and you should be replacing all passwords that can access your server in any way, such as FTP, MySQL, SSH etc. If its happening on multiple software, it seems the issue is your server rather than software We just removed Tapatalk App, just in case... Link to comment Share on other sites More sharing options...
Marc Posted June 16, 2022 Share Posted June 16, 2022 as mentioned, its your hosting items that you need to check more than anything else Link to comment Share on other sites More sharing options...
Recommended Posts