1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.1 File health check failures - lots of weird errors

Discussion in 'Troubleshooting and Problems' started by mcadx, Nov 14, 2012.

  1. mcadx

    mcadx Member

    Hello - over the weekend my forum appears to have been hacked in some form or another. At first, browsers were throwing errors that the page is trying to redirect the user to some random website(in Russia) that was potentially malicious.

    All sites hosted under the same account were experiencing the same, we opened a ticket with the host and they seemingly cleared it up for some people but not everyone. I personally am no longer getting the redirect error but some of the users are.

    Some other symptoms include thread moderation rendered ineffective - attempting to do any content moderation results in blank pages, along with viewing images that are attached to a post but not inserted in-line.

    I've checked the .htaccess and I don't see anything out of order in it.

    I ran a file health check under the admin control panel and it shows a list of 141 files that do not contain the expected contents. They all appear to be javascript files located in "js" directory.

    I just updated to 1.1.3 from 1.1.1 earlier this evening so this is particularly bothersome.

    Any suggestions/thoughts?
     
  2. mcadx

    mcadx Member

    Looks like re-uploading the "js" folder resolved most of the issues. I guess I should've tried that before starting the thread but had way too many weird things happening to ignore it.
     
    Jake Bunce likes this.
  3. mcadx

    mcadx Member

    I spoke too soon, the problem is re-occurring today. Same 141 files in the "js" folder are showing as inconsistent when running the File Verification. Any suggestions?
     
  4. CyclingTribe

    CyclingTribe Well-Known Member

    Just double-check you haven't accidentally uploaded the 1.1.1 js files ... ;)

    Just check with your host to make sure they haven't restored any files to the server and not told you about it ... ;)
     
    mcadx likes this.
  5. Brandon Sheley

    Brandon Sheley Well-Known Member

    Also did you change your passwords, if you were compromised then the same thing will happen again.
     
    mcadx likes this.
  6. mcadx

    mcadx Member

    I've re-uploaded the files again today, they were from 1.1.3 both times.
     
  7. mcadx

    mcadx Member

    CyclingTribe likes this.
  8. CyclingTribe

    CyclingTribe Well-Known Member

    Hope you (your host) manage to get it sorted. (y)
     
    mcadx likes this.
  9. mcadx

    mcadx Member

    Another tidbit - I just checked the "js" directory on the server, it only has 95 files and weighs in at roughly 800kb. The default 1.1.3 "js" folder is around 2mb with 219 files.
     
  10. mcadx

    mcadx Member

    I take it there's really no official XenForo support available?
     
  11. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Files don't change themselves. Either some one has changed the files (you or your host) or your server is compromised.
     
    mcadx and Walter like this.
  12. CyclingTribe

    CyclingTribe Well-Known Member

    Have you submitted a ticket via the customer area?

    If not, that would be the best way to get "official" support. These forums are for "community" support! (y)
     
    mcadx likes this.
  13. mcadx

    mcadx Member

    Finally have some concrete information. To make a long story short, the web server our forum is on was compromised. The vulnerability has since been fixed and they are working on restoring everything back to full working order.
     
  14. CyclingTribe

    CyclingTribe Well-Known Member

    Sounds good - it's always a relief to get back to normal after something like this. Good luck and hope you get back on an even keel v. soon. (y)
     
    mcadx likes this.
  15. mcadx

    mcadx Member

    Thanks. Me too. Appreciate the input from everyone.
     

Share This Page