• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.1 Forum Hacked By Turk Grup

#8
How much do they want to charge for this? All you need to do is restore a backup of your files and database.
I didn't ask ....

I'm on with getting it restored :)


It seems this group target USA hosts .... my bigger issue is how they got in to the forum to replace the index file
 

Jake Bunce

XenForo moderator
Staff member
#11
The file change indicates that the server has been compromised, not XenForo. As Matt said, it is possible that another account on the same server was compromised. On shared servers the entire server can become compromised when one site on that server is compromised. This happened to me once.

Ideally your host should take care of everything. They need to take measures to identify the point of entry and close it, then restore backups as necessary.
 

Adam Howard

Well-known member
#12
It's the host.

They still have php 5.2 installed (as an options) which is over 4 years old.

On someone else's site I was helping, I even found 5.1 still installed as an option (7 years old).

There is also a security flaw, that if you you Google.... You should find easily.


I wouldn't suggest Hostgator until they finally update some of their core software. While php 5.3 is their default, they still have that older stuff there & it makes for one easy target
 
#13
It's the host.

They still have php 5.2 installed (as an options) which is over 4 years old.

On someone else's site I was helping, I even found 5.1 still installed as an option (7 years old).

There is also a security flaw, that if you you Google.... You should find easily.


I wouldn't suggest Hostgator until they finally update some of their core software. While php 5.3 is their default, they still have that older stuff there & it makes for one easy target
Is there a way I can get round this ?
 

SneakyDave

Well-known member
#17
Simon, Hostgater will probably have to tell you what the exploit vector was, and how/if it was patched, whether it was PHP or something else, such as an older version of a software package on one of your neighbor's sites. That is usually the culprit, and the easiest to find and exploit.
 

Adam Howard

Well-known member
#20
Can I just not ask that they put 5.3 on ? or is the problem that others on the shared server could be on 5.2 ?
Most shared host that I come over no longer use php 5.2

The average seems to be on php 5.3 or moving toward 5.4, as 5.5 is already at the RC (Release Candidate) stage ... ie ... It's due to come out soon.

So 5.2 is 3 versions behind (technically).

I would inquire with whatever provider you look into, that you ask if they offer 5.2 If the answer is yes, you should probably look else where.