• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

JQuery Problem/Threat Detected

Chris D

XenForo developer
Staff member
#7
This all looks very suspicious.

I think you may have had your server compromised, if I had to speculate.

Obviously we can't be sure, but there's a few things that don't quite add up here.

First step to return to normality...

Download version 1.1.3 of XenForo (full not upgrade) and re-upload all of the files.

That will hopefully replace any files that have been tampered with.

There's every chance that the files will get tampered with again, though, so even the above steps may fix the site, it won't necessarily mean it won't happen again.
 

tenants

Well-known member
#8
Looks like a compromise, there's a chance the compromise was similar to yours Chris (and that was an issue with the Server configuration, not XenForo).

What server platform / OS / are you using and are you self /dedicated hosting (or does a host look after security / versions )?

Would you happen to be using Nginx?
 
#9
I'm contacting my server host to see if there any problems and requested it moving to a new server.

My host is Vidahost. Never had this problem until recently.
 
#11
Yes, Vidahost does use Nginx, I'll send you a pm about something.. forward it to them, it might/might not help
Hi Tenants, thanks for the PM - I have forwarded this to support at Vidahost.

Sods law as my site is back to normal - but I replaced the files again and health check showed a problem with '/js/WidgetFramework/function.js' - I re uploaded that file and health check doesn't report anything now.

So, I'm still at a loss. Guess I just have to see if the problem happens again..?
 
#13
So after a week or so with no problems - it has now returned...

File Health Check shows this?

  1. js/flot/jquery.flot.threshold.min.js File does not contain expected contents.
  2. js/flot/excanvas.min.js File does not contain expected contents.
  3. js/flot/jquery.flot.image.min.js File does not contain expected contents.
  4. js/flot/jquery.flot.crosshair.min.js File does not contain expected contents.
  5. js/flot/jquery.flot.resize.min.js File does not contain expected contents.
  6. js/flot/jquery.colorhelpers.min.js File does not contain expected contents.
  7. js/flot/jquery.flot.min.js File does not contain expected contents.
  8. js/flot/jquery.flot.fillbetween.min.js File does not contain expected contents.
  9. js/flot/jquery.flot.navigate.min.js File does not contain expected contents.
  10. js/jquery/jquery.xenforo.rollup.js File does not contain expected contents.
  11. js/tinymce/jquery.tinymce.js File does not contain expected contents.
  12. js/tinymce/utils/form_utils.js File does not contain expected contents.
  13. js/tinymce/utils/editable_selects.js File does not contain expected contents.
  14. js/tinymce/tiny_mce_popup.js File does not contain expected contents.
  15. js/xenforo/comments_simple.js File does not contain expected contents.
  16. js/xenforo/full/comments_simple.js File does not contain expected contents.
  17. js/xenforo/full/style_property_editor.js File does not contain expected contents.
  18. js/xenforo/full/news_feed.js File does not contain expected contents.
  19. js/xenforo/full/rating.js File does not contain expected contents.
  20. js/xenforo/full/feed_preview.js File does not contain expected contents.
  21. js/xenforo/full/options_censor.js File does not contain expected contents.
  22. js/xenforo/full/event_listener.js File does not contain expected contents.
  23. js/xenforo/full/template_edit.js File does not contain expected contents.
  24. js/xenforo/full/avatar_editor.js File does not contain expected contents.
  25. js/xenforo/full/lightbox.js File does not contain expected contents.
  26. js/xenforo/full/sidebar.js File does not contain expected contents.
  27. js/xenforo/full/acp_quicksearch.js File does not contain expected contents.
  28. js/xenforo/full/discussion.js File does not contain expected contents.
  29. js/xenforo/full/inline_mod.js File does not contain expected contents.
  30. js/xenforo/full/title_prefix.js File does not contain expected contents.
  31. js/xenforo/full/cache_rebuild.js File does not contain expected contents.
  32. js/xenforo/full/color_picker.js File does not contain expected contents.
  33. js/xenforo/full/spam_cleaner.js File does not contain expected contents.
  34. js/xenforo/full/personal_details_editor.js File does not contain expected contents.
  35. js/xenforo/full/quick_reply_profile.js File does not contain expected contents.
  36. js/xenforo/full/follow.js File does not contain expected contents.
  37. js/xenforo/rating.js File does not contain expected contents.
  38. js/xenforo/feed_preview.js File does not contain expected contents.
  39. js/xenforo/smiley_editor.js File does not contain expected contents.
  40. js/xenforo/acp_forum_editor.js File does not contain expected contents.
  41. js/xenforo/conversation_invite.js File does not contain expected contents.
  42. js/xenforo/form_filler.js File does not contain expected contents.
  43. js/xenforo/event_listener.js File does not contain expected contents.
  44. js/xenforo/avatar_editor.js File does not contain expected contents.
  45. js/xenforo/lightbox.js File does not contain expected contents.
  46. js/xenforo/sidebar.js File does not contain expected contents.
  47. js/xenforo/discussion.js File does not contain expected contents.
  48. js/xenforo/inline_mod.js File does not contain expected contents.
  49. js/xenforo/title_prefix.js File does not contain expected contents.
  50. js/xenforo/cache_rebuild.js File does not contain expected contents.
  51. js/xenforo/color_picker.js File does not contain expected contents.
  52. js/xenforo/acp_login.js File does not contain expected contents.
  53. js/xenforo/filter_list.js File does not contain expected contents.
  54. js/xenforo/personal_details_editor.js File does not contain expected contents.
  55. fb_channel.php File does not contain expected contents.
  56. library/XenForo/Html/Parser.php File does not contain expected contents.
  57. library/XenForo/ControllerPublic/Member.php File does not contain expected contents.
  58. library/XenForo/ControllerPublic/Login.php File does not contain expected contents.
  59. library/XenForo/DataWriter/User.php File does not contain expected contents.
  60. library/Sabre/Sabre.autoload.php File does not contain expected contents.
  61. library/Sabre/Sabre.includes.php File does not contain expected contents.
  62. library/Lgpl/utf8.php File does not contain expected contents.
  63. library/XFCliImporter/import.php File does not contain expected contents.
  64. install/data/index.html File does not contain expected contents.
What can keep causing such an issue?