MyBB Community Forums

Full Version: System breached?
Hey there.

There are rumors going around that my site just got breached. How do I check this?

Thank you.
Moved to security section

Check your logs, force a password reset and check for unusual actions. Use the file verification tool as well
How do I force a password reset for every user and the file verification tool?
(2016-11-01, 06:00 PM)hideme Wrote: [ -> ]How do I force a password reset for every user and the file verification tool?

Why on earth would you want to reset the passwords of every user on your site?

Lesson in security: They can't access things they don't have access to - that's what user permissions dictate.
(2016-11-01, 08:07 AM)hideme Wrote: [ -> ]Hey there.

There are rumors going around that my site just got breached. How do I check this?

Thank you.
Well the first thing to do is, follow system logs, and check your admin panel for "Suspicious IP Addresses"
(2016-11-03, 12:18 AM)VoIP Wrote: [ -> ]
(2016-11-01, 08:07 AM)hideme Wrote: [ -> ]Hey there.

There are rumors going around that my site just got breached. How do I check this?

Thank you.
Well the first thing to do is, follow system logs, and check your admin panel for "Suspicious IP Addresses"

Really want to say yes to this, but I know better. True hackers will cover their trail.
(2016-11-03, 02:05 AM)Ben Cousins Wrote: [ -> ]
(2016-11-03, 12:18 AM)VoIP Wrote: [ -> ]
(2016-11-01, 08:07 AM)hideme Wrote: [ -> ]Hey there.

There are rumors going around that my site just got breached. How do I check this?

Thank you.
Well the first thing to do is, follow system logs, and check your admin panel for "Suspicious IP Addresses"

Really want to say yes to this, but I know better. True hackers will cover their trail.

Firstly, I didn't mean force a reset for all users (apologies if that was badly worded). Get your staff accounts (especially those with elevated permissions) to reset their password.
Secondly, the file verification tool is in tools and maintenance -> File Verification.

Third, Ben Cousins here is spot on (and tbh, you should really listen to him, since he tends to know what he's talking about) - True hackers will definitely hide their IP address, or even delete it from the logs without raising suspicion. What I will say however, is to enable 2FA for the staff accounts. 
Unless you get extremely lucky, or the hack was done by a skiddie, you would likely not get the IP address of the offenders. The logs, you might find that they contain some information of use, such as raw access logs from the webserver providing information of accessed files etc. THIS might prove useful for finding out what, if anything, people have accessed that they shouldn't do.

Hope this helps a little.
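
An added example, not part of the original thread: one way to act on the advice above about raw webserver access logs, flagging requests an ordinary forum visitor would not make. The combined log format, the watched paths (MyBB's default `admin/`, `inc/` and `uploads/` directories), the rule names and the staff IP allowlist are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Nov/2016:07:58:12 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Nov/2016:07:59:40 +0000] "POST /admin/index.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
192.0.2.55 - - [01/Nov/2016:08:01:05 +0000] "POST /admin/index.php HTTP/1.1" 200 2310 "-" "curl/7.50"
192.0.2.55 - - [01/Nov/2016:08:03:31 +0000] "GET /inc/config.php HTTP/1.1" 403 199 "-" "curl/7.50"
192.0.2.55 - - [01/Nov/2016:08:04:02 +0000] "POST /uploads/avatars/a.php HTTP/1.1" 200 12 "-" "curl/7.50"
truncated entry
"""

# Captures client IP, timestamp, method, path and status from one log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Assumed watchlist: paths that deserve a second look on a MyBB install.
RULES = [
    ("admin_panel", re.compile(r"^/admin/")),          # Admin CP traffic
    ("inc_direct", re.compile(r"^/inc/")),             # direct hits on include files
    ("php_in_uploads", re.compile(r"^/uploads/.*\.php(\?|$)", re.I)),  # script in upload dir
]

def flag_requests(log_text, staff_ips=frozenset()):
    """Return (findings, unparsed_count); findings are (ip, time, method, path, status, rule)."""
    findings, unparsed = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1          # keep a count: damaged lines are worth inspecting too
            continue
        for name, pattern in RULES:
            if not pattern.search(m["path"]):
                continue
            if name == "admin_panel" and m["ip"] in staff_ips:
                continue           # Admin CP use from a known staff address is expected
            findings.append((m["ip"], m["time"], m["method"], m["path"], int(m["status"]), name))
    return findings, unparsed

def by_ip(findings):
    """Group findings per client IP so one address's activity reads as a timeline."""
    grouped = defaultdict(list)
    for ip, time, method, path, status, rule in findings:
        grouped[ip].append(f"{time} {rule}: {method} {path} -> {status}")
    return dict(grouped)
```

Run it over a copy of the log kept off the web server where one exists, since, as the thread notes, entries on a compromised host may have been removed.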
(2016-11-03, 07:55 AM)katos Wrote: [ -> ]Third, Ben Cousins here is spot on (and tbh, you should really listen to him, since he tends to know what he's talking about)

Flattery gets you everywhere, they say :P
(2016-11-03, 08:29 AM)Ben Cousins Wrote: [ -> ]
(2016-11-03, 07:55 AM)katos Wrote: [ -> ]Third, Ben Cousins here is spot on (and tbh, you should really listen to him, since he tends to know what he's talking about)

Flattery gets you everywhere, they say :P

Flattery gets you to the important places :rolleyes:
But in all seriousness, you actually know more than most "common users" in this sense, due to your work with Aspergers Network, etc.
(2016-11-03, 02:05 AM)Ben Cousins Wrote: [ -> ]
(2016-11-03, 12:18 AM)VoIP Wrote: [ -> ]
(2016-11-01, 08:07 AM)hideme Wrote: [ -> ]Hey there.

There are rumors going around that my site just got breached. How do I check this?

Thank you.
Well the first thing to do is, follow system logs, and check your admin panel for "Suspicious IP Addresses"

Really want to say yes to this, but I know better. True hackers will cover their trail.

Not all "hackers" are the smartest. When there is a way to breach such a system, there is information such as "Hey, this user accessed this file, and rendered X."

(2016-11-03, 07:55 AM)katos Wrote: [ -> ]
(2016-11-03, 02:05 AM)Ben Cousins Wrote: [ -> ]
(2016-11-03, 12:18 AM)VoIP Wrote: [ -> ]
(2016-11-01, 08:07 AM)hideme Wrote: [ -> ]Hey there.

There are rumors going around that my site just got breached. How do I check this?

Thank you.
Well the first thing to do is, follow system logs, and check your admin panel for "Suspicious IP Addresses"

Really want to say yes to this, but I know better. True hackers will cover their trail.

Firstly, I didn't mean force a reset for all users (apologies if that was badly worded). Get your staff accounts (especially those with elevated permissions) to reset their password.
Secondly, the file verification tool is in tools and maintenance -> File Verification.

Third, Ben Cousins here is spot on (and tbh, you should really listen to him, since he tends to know what he's talking about) - True hackers will definitely hide their IP address, or even delete it from the logs without raising suspicion. What I will say however, is to enable 2FA for the staff accounts. 
Unless you get extremely lucky, or the hack was done by a skiddie, you would likely not get the IP address of the offenders. The logs, you might find that they contain some information of use, such as raw access logs from the webserver providing information of accessed files etc. THIS might prove useful for finding out what, if anything, people have accessed that they shouldn't do.

Hope this helps a little.
I find that very offensive coming from a staff member, stating that another user's opinion is more right than another's. If I didn't feel qualified to respond to the OP, I wouldn't have responded. Please keep that in mind.