XF 2.2 guest IP is from my server, am I hacked?

realaqu · Aug 20, 2022

When I looked at the guest ip list this morning, I found one guest's IP is my hosting server's IP, it is running on an old centos 6 for many years, is it normal or I m hacked, any inputs?

duderuud · Aug 21, 2022

CentOS6? Really? That went eol in 2020 so yeah, high probability your server is hacked.
Create a backup of your DB and web files, reinstall your server asap and import your data.

And check your files to see if they are compromised .

mattrogowski · Aug 21, 2022

It's far more likely to be XF simply doing a cURL request to itself, for example for a thread URL unfurl. If you try it, and post a URL to a thread and wait for it to make the unfurl request, you'll see a guest viewing that thread (because there's been a request made to it) and the IP will be that of the server (because the sever is making the HTTP request which starts up a guest session when browsing the thread). I don't see how or why a hacker would be making internal requests to the forum.

realaqu · Aug 21, 2022

duderuud said:
CentOS6? Really? That went eol in 2020 so yeah, high probability your server is hacked.
Create a backup of your DB and web files, reinstall your server asap and import your data.

And check your files to see if they are compromised .

Any recommendation? How about Ubuntu 20.04?

realaqu · Aug 21, 2022

mattrogowski said:
It's far more likely to be XF simply doing a cURL request to itself, for example for a thread URL unfurl. If you try it, and post a URL to a thread and wait for it to make the unfurl request, you'll see a guest viewing that thread (because there's been a request made to it) and the IP will be that of the server (because the sever is making the HTTP request which starts up a guest session when browsing the thread). I don't see how or why a hacker would be making internal requests to the forum.

Thanks, that make sense, I ll keep watching on it

duderuud · Aug 21, 2022

mattrogowski said:
It's far more likely to be XF simply doing a cURL request to itself, for example for a thread URL unfurl. If you try it, and post a URL to a thread and wait for it to make the unfurl request, you'll see a guest viewing that thread (because there's been a request made to it) and the IP will be that of the server (because the sever is making the HTTP request which starts up a guest session when browsing the thread). I don't see how or why a hacker would be making internal requests to the forum.

Agreed. But a supported OS is the more pressing matter for now...

XF 2.2 guest IP is from my server, am I hacked?

realaqu

Active member

duderuud

Well-known member

mattrogowski

Well-known member

realaqu

Active member

realaqu

Active member

duderuud

Well-known member

We value your privacy