• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.2 Index.html security breach

#1
Hey, so recently my forums framepvp.com has been "hacked"/exploited. Someone has been able to change the actual website into what ever the exploiter wants without the help of a person with admin privileges.

After removing index.html the forums turns back to normal but the person can repeat the same procedure to make it happen again.
Have I forgot something in the installation? I don't know.
Please help
 

Liam W

Well-known member
#2
Sounds to me like someone accessed your FTP and uploaded a index.html file.

index.html is looked for before index.php when looking for an index page.

Liam
 

Brogan

XenForo moderator
Staff member
#3
Are you on shared hosting?

Do you have anything else installed other then XenForo; WordPress for example?
 
#4
Hello, i'm only running a minecraft server on it, and i'm positive no one has access to FTP but me considering I changed the FTP login password today.
I'm not on shared hosting
 

EQnoble

Well-known member
#5
Hello, i'm only running a minecraft server on it, and i'm positive no one has access to FTP but me considering I changed the FTP login password today.
I'm not on shared hosting
A quick qoogle search says there was recently an exploit discovered in that game's server software and according to the article people who use it should patch quickly. According to the article the exploit would allow a malicious person to gain any users access to your web server through the exploit in the game server software and therefor could be the way a person gained access to add a file and do whatever they did if that is in fact the case.
 
#6
A quick qoogle search says there was recently an exploit discovered in that game's server software and according to the article people who use it should patch quickly. According to the article the exploit would allow a malicious person to gain any users access to your web server through the exploit in the game server software and therefor could be the way a person gained access to add a file and do whatever they did if that is in fact the case.
Is this a troll?
 

EQnoble

Well-known member
#10
It is an offering to you of a place to look for the root of your actual problem.

You are running a minecraft server and when I saw that I googled 'minecraft server exploit' and found articles posted within the past couple of days.

So no, and no...I do not support trolling, if you feel that I was trolling there then I will refrain from helping you at all and leave you with a note that you should probably check the site the distributes the software you are running for your game and ask those questions there since it should be obvious that if you are running a game software on your webserver that it could present a vector for attack.

Good luck.