XF 1.1 Forum Hacked By Turk Grup

Simon R

Member
I'd suspect the whole hosting server has been compromised based on the index.php replacement via another account on there. What has the host said?
Typically they have said nothing ...... just tried to get me to purchase a clean up
 

Simon R

Member
How much do they want to charge for this? All you need to do is restore a backup of your files and database.
I didn't ask ....

I'm on with getting it restored :)


It seems this group targets USA hosts .... my bigger issue is how they got into the forum to replace the index file
 

Jake Bunce

XenForo moderator
Staff member
The file change indicates that the server has been compromised, not XenForo. As Matt said, it is possible that another account on the same server was compromised. On shared servers the entire server can become compromised when one site on that server is compromised. This happened to me once.

Ideally your host should take care of everything. They need to take measures to identify the point of entry and close it, then restore backups as necessary.
 

Adam Howard

Well-known member
Hostgator
It's the host.

They still have php 5.2 installed (as an option) which is over 4 years old.

On someone else's site I was helping, I even found 5.1 still installed as an option (7 years old).

There is also a security flaw, that if you Google.... You should find easily.


I wouldn't suggest Hostgator until they finally update some of their core software. While php 5.3 is their default, they still have that older stuff there & it makes for one easy target
 

Simon R

Member
It's the host.

They still have php 5.2 installed (as an option) which is over 4 years old.

On someone else's site I was helping, I even found 5.1 still installed as an option (7 years old).

There is also a security flaw, that if you Google.... You should find easily.


I wouldn't suggest Hostgator until they finally update some of their core software. While php 5.3 is their default, they still have that older stuff there & it makes for one easy target
Is there a way I can get round this?
 

SneakyDave

Well-known member
Simon, Hostgator will probably have to tell you what the exploit vector was, and how/if it was patched, whether it was PHP or something else, such as an older version of a software package on one of your neighbor's sites. That is usually the culprit, and the easiest to find and exploit.
 

Simon R

Member
Can I just not ask that they put 5.3 on? Or is the problem that others on the shared server could be on 5.2?
 

Adam Howard

Well-known member
Can I just not ask that they put 5.3 on? Or is the problem that others on the shared server could be on 5.2?
Most shared hosts that I come across no longer use php 5.2

The average seems to be on php 5.3 or moving toward 5.4, as 5.5 is already at the RC (Release Candidate) stage ... ie ... It's due to come out soon.

So 5.2 is 3 versions behind (technically).

I would inquire with whatever provider you look into, that you ask if they offer 5.2. If the answer is yes, you should probably look elsewhere.
 