XF 2.2 How to check the forum is malware free?

daimpa

Active member
Due to unupdated wordpress plugin/themes, our website got hacked, with hackers gaining admin privileges to our WordPress installation. They were able to add, of course, redirects when clicking in the wordpress pages.
For wordpress, I'll export everything and import all the contents into a new installation. Xenforo doesn't have evidences of hacking, but I want to be 100% sure.

What would you suggest to do in similar situations?

I was thinking about using the import utility to import all the contents into a new installation, but I'm worried this could migrate also malware in case these have been hidden as attachments or similar.
 
If there were additional files or files whose content is not as expected, you would have a notice indicating it in the CPA. Change your passwords, activate 2FA or passkeys and you should be quiet.

Regarding attachments, unless you have authorised formats capable of hosting malware you should be quiet there too. But wait for other confirmations to be more serene.
 
If there were additional files or files whose content is not as expected, you would have a notice indicating it in the CPA
First, thanks for the reply. Do you mean ACP, admin control panel?
And what if they did hide files in the internal data folder? We've a big forum, so millions of files there, and it's not possible to manually check their contents.
 
I want to be 100% sure.

What would you suggest to do in similar situations?

If you really want to be almost 100% sure:

Delete the XenForo installation and all its contents, get an entirely new host and set up a fresh XenForo installation there - from a computer you've never used before not using any online services / credentials (which of course also includes your XenForo customer account) you've ever used before.

But I don't think you want to be really that sure so I'd suggest to get help from a security professional who can check your XenForo installation.
 
Back
Top Bottom