Danger: Malware (HELP)

Chris D

XenForo developer
Staff member
Is it a specific page? Because I don't get the same alert when I try to visit the front page.

EDIT: Oops, yes I do.


Active member
Arboristsite (221,390 Discussions 4,470,092 Messages 54,063 Members) got hacked on VB4 because they had not removed the install folder. The Hack persisted through several re-installs and eventually resulted in them converting to Xenforo.


Well-known member
Take your site offline, SSH in and search for any files which have been modified recently.
The following files have been modified in the past 3 days:



It looks like index.php was modified but after looking at it I do not see any obvious issues.
Then enable Proxy Images of XenForo 1.3.0 ;)
After just spending 4 hours cleaning up hot linked images that were dead links back to 2008 I am looking for a way to disable future IMG code while preserving any remaining ones. It just makes sense in the long term to host them yourself.