
Danger: Malware (HELP)

Chris D

XenForo developer
Staff member
#2
Is it a specific page? Because I don't get the same alert when I try to visit the front page.

EDIT: Oops, yes I do.
 

rootsxrocks

Active member
#8
Arboristsite (221,390 Discussions 4,470,092 Messages 54,063 Members) got hacked on VB4 because they had not removed the install folder. The hack persisted through several re-installs and eventually resulted in them converting to XenForo.
 

wickedstangs

Well-known member
#10
Take your site offline, SSH in and search for any files which have been modified recently.
The following files have been modified in the past 3 days:

-----
/home/wmdracin

./mail/wmdracing.net/webmaster/tmp
./mail/wmdracing.net/webmaster/maildirsize
./mail/wmdracing.net/webmaster/new
./mail/wmdracing.net/webmaster/new/1391527103.H869844P19734.host.wickedstangs.com,S=59402
./mail/tmp
./mail/maildirsize
./mail/new
./mail/new/1391546401.H971214P14813.host.wickedstangs.com,S=2309
./mail/new/1391416862.H515557P21141.host.wickedstangs.com,S=1002
./mail/new/1391589662.H57157P7567.host.wickedstangs.com,S=1002
./mail/new/1391503261.H610025P22633.host.wickedstangs.com,S=1002
./mail/new/1391546405.H125313P14833.host.wickedstangs.com,S=2302
./clientscript/yui/uploader/assets
./clientscript/yui/uploader/assets/uploader.swf
./public_html
./public_html/index.php
./public_html/forum/clientscript/yui/uploader/assets
./public_html/forum/clientscript/yui/uploader/assets/uploader.swf
./public_html/google5c72b66b52db8ab1.html
./public_html/index.php.html
./tmp/awstats
./tmp/awstats/awstats.wmdracing.net.conf
./tmp/awstats/awstats022014.wmdracing.net.txt
./logs
./logs/ftp.wmdracing.net-ftp_log-Feb-2014.gz
-----

It looks like index.php was modified but after looking at it I do not see any obvious issues.
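
Added example, not part of the thread or any poster's code: a shell function that performs the "modified in the past 3 days" search from the listing above, skips the mail, logs and tmp noise, and compares each hit against a known-good copy, since reading index.php by eye found nothing obvious. The function name, the tags and the optional CLEAN_DIR argument (a pristine copy laid out like the account directory) are assumptions for illustration.

```shell
#!/bin/sh
# Usage: recent_web_changes ACCOUNT_DIR [DAYS] [CLEAN_DIR]
# Prints one line per recently modified file: KIND <tab> STATE <tab> PATH
#   KIND  : EXEC (runs server-side), CLIENT (served to visitors), OTHER
#   STATE : DIFF/SAME/NEW relative to CLEAN_DIR, or "-" if none was given
# CLEAN_DIR is an assumption: a pristine copy (vendor package or trusted
# backup) with the same layout as ACCOUNT_DIR.
recent_web_changes() (
    root=${1:-.}; days=${2:-3}; clean=${3:-}
    [ "$root" != / ] && root=${root%/}
    # Prune mail spools, logs and stats: they change constantly and only
    # bury the web files that matter.
    find "$root" \
        \( -path "$root/mail" -o -path "$root/logs" -o -path "$root/tmp" \) -prune \
        -o -type f -mtime "-$days" -print | sort |
    while IFS= read -r f; do
        case "$f" in
            # *.php.* covers names like index.php.html, which some Apache
            # handler setups still run as PHP.
            *.php|*.php.*|*.phtml|*/.htaccess) kind=EXEC ;;
            *.swf|*.js|*.html|*.htm)           kind=CLIENT ;;
            *)                                 kind=OTHER ;;
        esac
        state=-
        if [ -n "$clean" ]; then
            rel=${f#"$root"/}
            ref=$clean/$rel
            if [ ! -f "$ref" ]; then state=NEW      # not in the clean copy
            elif cmp -s "$f" "$ref"; then state=SAME # byte-identical
            else state=DIFF                          # content was changed
            fi
        fi
        printf '%s\t%s\t%s\n' "$kind" "$state" "$f"
    done
)
```

EXEC lines marked DIFF or NEW are the ones to diff against the clean copy and review first; a byte comparison catches changes that a visual read of the file can miss.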
 
#14
Then enable Proxy Images of XenForo 1.3.0 ;)
After just spending 4 hours cleaning up hotlinked images that were dead links back to 2008, I am looking for a way to disable future IMG code while preserving any remaining ones. It just makes sense in the long term to host them yourself.