XF 2.2 Cross site scripting and Shellcode

[Snoopjiggyjigg]

Hey, I don't know if anyone can advise. It looks like before the new xenforo patch update came in our site was infiltrated and they gained access via cross scripting and put some lines of php shell code into our files...

(At least this is what the server guy says - i'm not technical, so don't know if this is correct.).

Is there an easy way to correct this? It is throwing our site down every few days. I have removed a lot of the problems, but there are still some problems - but I don't really know what to do. Any advise would be great.

Thanks

 

[Paul B]

Identify how access was gained to the server and resolve that first.

Run the file health check in the ACP to identify any XF files which have been changed and replace them with new copies from the zip archive.

Check for any other files on the server which should not be there or have been modified and delete/revert them.

 

[Snoopjiggyjigg]

Identify how access was gained to the server and resolve that first.

Run the file health check in the ACP to identify and XF files which have been changed.

Check for any other files on the server which should not be there or have been modified and delete/revert them.

Thank you. I did delete all the stuff from the health check, but will find out how I revert the other files in Plesk

 

[Snoopjiggyjigg]

Strangely enough, all the files I deleted are back - so will look at the first bit you suggested again

 

[Max Taxable]

Strangely enough, all the files I deleted are back -

The xenforo files have to be there otherwise you have no xenforo. But these have been edited and are changed now from when they were first uploaded.

 

[Paul B]

Download those files and compare them with the originals to determine what code is being added.