XF 1.5 Hacker prevention question

[Randydrew6]

I know ******* has been hacking me, I've put up measures to stop them but it keeps happening. I have tried to look for someone to help and came across this website, http://www.forumcube.com/services/forum-malware-virus-removal/

The page looks very familiar to *******s service, and they are the ones hacking me, are these owned by the same person? forumcube trustworthy? It would cost me $1,000 to have my site fixed by them, I don't want to pay that much just to have them hack me again.

Anyone ever use forumcube before?

 

[CarpCharacin]

*******'s resources were removed from here over a year ago.

 

[Randydrew6]

*******'s resources were removed from here over a year ago.

I know, I have been getting hacked by them for over a year. I keep writing scripts to remove any changes they make to the site but they keep getting smarter. My server refuses to help me anymore because it's too much for them. That's why I want a professional to do it but I don't want to pay $1,000 if it's going to be hacked again by them. So is forumcube reliable?

 

[CarpCharacin]

I don't know. I haven't heard much about them. Have you uninstalled all the ******* addons you had installed?

 

[Randydrew6]

I haven't I don't think that would do any good, they are able to get into my ftp and also edit my templates on my site

 

[CarpCharacin]

Then change your FTP password!

 

[Randydrew6]

Then change your FTP password!

I have no idea how to go about doing that and my server support is no longer helping me

 

[Amaury]

@MattW or @Tracy Perry may be able to help you here. They're server experts.

 

[CarpCharacin]

If you are concerned about the add-ons doing something malicious, you NEED to uninstall them.

 

[Randydrew6]

@MattW I have heard your name twice now. Once from @Bob and now from @Amaury Would you be able to help me fix this hack?

 

[Fred.]

Uninstall all the add-ons from them, upload all your XF and other add-on files again and change all your passwords!

 

[Randydrew6]

Uninstall all the add-ons from them, upload all your XF and add-on files again and change all your passwords!

i've done this in the past, doesn't stop them

 

[CarpCharacin]

i've done this in the past, doesn't stop them

So you reinstalled the add-ons?!

 

[JustinHawk]

i've done this in the past, doesn't stop them

set you main folder directory (httpdocs or public_html) permission to like this >> http://prntscr.com/dlm24z , it will prevent execution of any uploaded virus/infected file on your server, after that download backup of your website and compare files with original files and find bad stuff present on server and remove them

Close FTP ports also if not required.

BTW what type of hosting you have ?

EDIT : Changing permission will not affect you website working

 

[Fred.]

So you reinstalled the add-ons?!

Just the normal add-ons, Delete all the add-ons and data from them.

 

[CarpCharacin]

Just the normal add-ons, Delete all the add-ons and data from them.

I am talking about the ******* add-ons.

 

[Randydrew6]

set you main folder directory (httpdocs or public_html) permission to like this >> http://prntscr.com/dlm24z , it will prevent execution of any uploaded virus/infected file on your server, after that download backup of your website and compare files with original files and find bad stuff present on server and remove them

Close FTP ports also if not required.

BTW what type of hosting you have ?

EDIT : Changing permission will not affect you website working

I am using Dynaboot for hosting, it's just $10 a month and seems to work fine, bought it from a friend a year ago and he had the site for 4 years. He never had any issues but then again I've made the site much more successful than he ever has. I don't understand what you mean by closing FTP ports though but I did set the main directory to only be executed. I also have a script running on a vps that replaces all main files on xenforo ever 15 minutes from a backup that wasn't infected. This was stopping it for awhile.

Edit: Setting the main directory to only execute was a mistake, it lead to a 403 error so I had to revert it and I made it all just read/execute

 

[TPerry]

i've done this in the past, doesn't stop them

Have you thought about setting it up new and then importing your old DB (users/posts/etc) as an import from an existing XF install. You'd have to restyle everything - and then you'd need to delete the old files (which if you are on cPanel you would need to do anyway to upload back to your existing domain). That way the only DB data that gets imported is XF specific and no add-0ns. Then reinstall your add-ons with the exception of Mr. HackTastic's crap.

 

[JustinHawk]

Edit: Setting the main directory to only execute was a mistake, it lead to a 403 error so I had to revert it and I made it all just read/execute

execute was there for world ? it should not cause any issue i have this for my own website and revert it only while installing some new addons or upgrade. anyhow leave it if it dont work.

but you should download your website files and start comparing files if dont want to loose data otherwise perform xf to xf import.
From closing FTP port i meant block traffic on Your port 21 of server and also change SSH port if there.

any panel you are using to manage your VPS ?