1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.1 Forum Hacked By Turk Grup

Discussion in 'Troubleshooting and Problems' started by Simon R, May 20, 2013.

  1. Simon R

    Simon R Member

  2. MattW

    MattW Well-Known Member

    Are you on shared hosting?
     
  3. Simon R

    Simon R Member

    yes
     
  4. Simon R

    Simon R Member

    Arben S on here is looking in to it for me .... I think I replaced the index file with an old one
     
  5. MattW

    MattW Well-Known Member

    I'd suspect the whole hosting server has been comprised based on the index.php replacement via another account on there. What has the host said?
     
    Adam Howard and Jake Bunce like this.
  6. Simon R

    Simon R Member

    typically they have said nothing ...... just tried to get me o purchase a clean up
     
  7. 0ptima

    0ptima Well-Known Member

    How much do they want to charge for this? All you need to do is restore a backup of your files and database.
     
  8. Simon R

    Simon R Member

    I didn't ask ....

    I'm on with getting it restored :)


    It seems this group target USA hosts .... my bigger issue is how they got in to the forum to replace the index file
     
  9. 0ptima

    0ptima Well-Known Member

    Most probably a vulnerability with the host and not XF. Which host is this?
     
  10. Simon R

    Simon R Member

    Hostgator
     
  11. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    The file change indicates that the server has been compromised, not XenForo. As Matt said, it is possible that another account on the same server was compromised. On shared servers the entire server can become compromised when one site on that server is compromised. This happened to me once.

    Ideally your host should take care of everything. They need to take measures to identify the point of entry and close it, then restore backups as necessary.
     
    psTubble27 and Adam Howard like this.
  12. Adam Howard

    Adam Howard Well-Known Member

    It's the host.

    They still have php 5.2 installed (as an options) which is over 4 years old.

    On someone else's site I was helping, I even found 5.1 still installed as an option (7 years old).

    There is also a security flaw, that if you you Google.... You should find easily.


    I wouldn't suggest Hostgator until they finally update some of their core software. While php 5.3 is their default, they still have that older stuff there & it makes for one easy target
     
    Simon R likes this.
  13. Simon R

    Simon R Member

    Is there a way I can get round this ?
     
  14. Simon R

    Simon R Member

    This is what I'm running
    Screen shot 2013-05-22 at 15.55.39.png
     
  15. Adam Howard

    Adam Howard Well-Known Member

    Switch host.

    Someone who doesn't still offer php 5.2

    hostgator.png
     
    Simon R likes this.
  16. Adam Howard

    Adam Howard Well-Known Member

    php 5.2.17 .....As noted in your own screen shot... It is not secure (safe)

    Time to find a new host. Even if you switch to php 5.3, 5.2 would still be on the server. And whatever is on the server, no matter if used or not, is still hackable.
     
  17. SneakyDave

    SneakyDave Well-Known Member

    Simon, Hostgater will probably have to tell you what the exploit vector was, and how/if it was patched, whether it was PHP or something else, such as an older version of a software package on one of your neighbor's sites. That is usually the culprit, and the easiest to find and exploit.
     
    0ptima likes this.
  18. Simon R

    Simon R Member

    Can I just not ask that they put 5.3 on ? or is the problem that others on the shared server could be on 5.2 ?
     
  19. Simon R

    Simon R Member

    Sorry cross posted .... They investigated and could find no reason apparently why I was hacked
     
  20. Adam Howard

    Adam Howard Well-Known Member

    Most shared host that I come over no longer use php 5.2

    The average seems to be on php 5.3 or moving toward 5.4, as 5.5 is already at the RC (Release Candidate) stage ... ie ... It's due to come out soon.

    So 5.2 is 3 versions behind (technically).

    I would inquire with whatever provider you look into, that you ask if they offer 5.2 If the answer is yes, you should probably look else where.
     

Share This Page