
Malware/Virus less than 12 hours with XF

Discussion in 'XenForo Questions and Support' started by jfp77, Nov 16, 2012.

  1. jfp77

    jfp77 Active Member

    I am trying to be really calm right now. However, just after I had my VB imported to XF, I am contacted by my hosting company saying they are going to drop me because I have a virus/malware/corrupted files. Can someone please help me understand how this could have happened? I am getting really shaky over this because I have customers who are paying to access the site and now all of my domains are being shut down. What could have caused this?
  2. cclaerhout

    cclaerhout Well-Known Member

    Your hosting company is acting a little strange. I had this problem once on vB and mine helped me to clean everything.

    1) You need to check your computer is not infected
    2) You need to delete all account passwords of your ftp client (never store them)
    3) Try in the future to use sftp

    1) Clean everything that has been infected... your hosting company is supposed to help you do that
    2) Change all your main passwords (and choose strong passwords... not ones of 5-6 characters)
    3) Don't share those passwords with people you don't trust
    HWS and jfp77 like this.
  3. jfp77

    jfp77 Active Member

    Okay. Well I had someone import my VB to XF, do you think the virus came from the VB? Or their computer? Or my computer? (I've never had this happen before).

    I'll take sftp into consideration. I didn't even know that was an option.

    My hosting company said that when their terms of service department opens in 2 hours I can talk to them and they will tell me what files are corrupted. I can then hire or have a tech remove the files. If I don't do this, everything will be deleted in 15 days.

    I'll change all my passwords. I guess I need to look into a program that can generate and store passwords for me so that I am not trying to remember them all the time.

    This is an absolute nightmare. I have gone through so much and so much work in the last few days to get this going and I have no energy left to deal with this. I'm sorry for the 'emotional outburst' here. It's 3 in the morning and I can't do anything about it right this second.

    Thanks for your help, I appreciate it.

    ETA: They deactivated my C-Panel, so I can't even get in.
  4. dutchbb

    dutchbb Well-Known Member

    Also, are you running any other scripts on the server? I once got hacked and it infected vB, after it was cleaned we found out they gained access through some cheap/small script. If it would be XF there should be more complaints by other customers by now.

    The best thing to do is let them remove everything (of course keep a backup of databases) and then reinstall with new passwords and clean files.
  5. vVv

    vVv Guest

    dang, that's messed up.. there's Virus Scanner in there I run periodically.. in Advanced section near footer of Cpanel. Can scan whole web directory you have and list infected files.
    jfp77 likes this.
  6. jfp77

    jfp77 Active Member

    That's what I was wondering. If the Malware was an XF thing, I would have seen it or been warned before I bought it. At least I hope so! Does that mean when I reinstall everything that all my designs will be lost with my forum? I know it sounds lame, but that took me forever to do little tweaks and changes. I don't know if there are scripts running besides wordpress. I have a bunch of wordpress blogs on there, about 5-6 but they are all up to date.
  7. Chris D

    Chris D XenForo Developer Staff Member

    I have never heard the term malware and XenForo used in the same sentence before.

    Mind if I ask who did the import for you? Was it someone reputable?

    Also, get as much information from your hosts ASAP as to what files are corrupted. Tell them you have the software's "support team" (not entirely accurate but we're all here to help) looking into it and we will definitely find the cause and get it fixed ASAP.
    Shelley likes this.
  8. vVv

    vVv Guest

  9. jfp77

    jfp77 Active Member

    I've already contacted him, but SchmitzIT did it and from what I've read he's reputable.
    vVv likes this.
  10. Chris D

    Chris D XenForo Developer Staff Member

    Oh yeah, he is totally reputable. Nothing to worry about where Peter is involved.
    SchmitzIT likes this.
  11. jfp77

    jfp77 Active Member

    Update - They are running the search right now. Once finished they will notify me and I can then log in to see what files are corrupted. They said that sometimes good files can look corrupted, so I'd have to go through and see which ones were really hacked. Once they are deleted, then I'll have to change all my passwords, and they will reinstate my sites/server.

    I have no idea which files are going to be damaged/corrupted. They said they could have wiped the whole thing but wanted to give me the "cleaning out" option to save my forum files or other business related stuff.
  12. Digital Doctor

    Digital Doctor Well-Known Member

    Are you on a shared server ?
    maybe someone else got hacked.
  13. jfp77

    jfp77 Active Member

    Not a shared server. :(
  14. jfp77

    jfp77 Active Member

    Okay, just got the list back of malware/infected items. The good news is that it looks like 99% of them are all VERY old website templates or files that have been inactive on my server. I didn't see any VB or XF files in there. Any suggestions on how I go about deleting all of these? Can I just delete the actual file, or is there more of a deep cleaning process to it to make sure they are really gone. Thanks for your help guys!
  15. MattW

    MattW Well-Known Member

    So you have a company managing your server/vps for you? And they shut down and threatened to delete your whole site? That in itself sounds suspicious to me. The company who provides my VPS has NO access to it at all.
  16. jfp77

    jfp77 Active Member

    Maybe I just have myself confused with terms. I host with a hosting company. They emailed me this morning to say that I have 15 days to remove the malware, or they will drop me from hosting and delete all my files...so now that I know which files are which, I can just go in and start "right clicking > delete" right...?
  17. cclaerhout

    cclaerhout Well-Known Member

    Even if some XenForo or vBulletin files had been infected, it wouldn't imply the problem was coming from them. Some malware can contaminate the files of all your servers.

    > ... your hosting company found the infected files and doesn't help you to delete them??!
    > what is the name of your malware? Try to scan and check your server backups too
    > For strong passwords, you can find many online generators and even cPanel has got one (http://strongpasswordgenerator.com you can send yourself the password inside an email without any more information)
    > For SFTP, ask your hosting company to provide you the SSH port; you will need to create a key on cPanel (I forgot how to do it, it's been a long time) then use it on your computer.
  18. mike os

    mike os Active Member

    for password storage and generation try something like KeePass (free)
    Chris D likes this.
  19. SchmitzIT

    SchmitzIT Well-Known Member

    The only file we replaced in the upgrade was the /xenforo/import/vbulletin.php file, as the import was a vB4 forum. At the time I performed the import, the vB4 importer was the only add-on installed.

    Jess, if you can PC me the list of files, I can try and investigate for you. I'd say deleting the files is the first step, but it's equally important to determine how infected files ended up on the server, as it might happen again.
    cclaerhout likes this.
  20. jfp77

    jfp77 Active Member

    Okay, everything is FINE. I deleted all of the files on the malware list. They were all old website templates in folders that hadn't been used for years! I did a quick clean up too and got rid of anything that didn't need to be there. I am not savvy with the cPanel tech stuff, but I've learned a great lesson here of keeping your file manager (folders/files) cleaned up and organized. Thanks for all of your help. I am SO thrilled with the response and my new XF forum is wonderful. It is so much easier to use than VB was. Thanks guys! :D
    SchmitzIT, CyclingTribe, vVv and 3 others like this.
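
An added example, not part of the thread and not XenForo or cPanel code: a small Python triage of a host's flagged-file list, in the spirit of the advice above to work out how the files got there and to clear out folders that have been unused for years. The function names, the one-year threshold and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
import time
from pathlib import Path

DAY = 86400

def triage(web_root, flagged_paths, stale_days=365, now=None):
    """Group scanner hits by top-level folder; a folder is stale when
    no unflagged file in it changed within stale_days."""
    now = time.time() if now is None else now
    root = Path(web_root).resolve()
    flagged = {Path(p).resolve() for p in flagged_paths}
    report = {}
    for folder in sorted(p for p in root.iterdir()
                         if p.is_dir() and not p.is_symlink()):
        newest_clean, hits = 0.0, []
        for dirpath, _dirs, files in os.walk(folder):
            for name in files:
                path = Path(dirpath) / name
                try:
                    mtime = path.lstat().st_mtime
                except OSError:
                    continue  # file vanished or is unreadable
                if path in flagged:
                    hits.append((mtime, str(path.relative_to(root))))
                else:
                    newest_clean = max(newest_clean, mtime)
        report[folder.name] = {
            "stale": newest_clean < now - stale_days * DAY,
            "hits": sorted(rel for _, rel in hits),
            # earliest flagged mtime: where to start reading access logs
            "earliest_hit_mtime": min((m for m, _ in hits), default=None),
        }
    return report

def demo():
    """Constructed sample tree: an old template folder and a live forum."""
    now = time.time()
    root = Path(tempfile.mkdtemp())
    layout = {  # relative path -> age in days (all values constructed)
        "old_template/index.html": 1500, "old_template/js/x.php": 40,
        "forum/index.php": 2, "forum/library/config.php": 3,
    }
    for rel, age in layout.items():
        f = root / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_text("constructed sample\n")
        os.utime(f, (now - age * DAY, now - age * DAY))
    return triage(root, [root / "old_template/js/x.php"], now=now)
```

A stale folder that contains hits is a candidate for removing whole rather than file by file, while hits inside an active folder call for a closer look at what wrote them. Modification times can be set by whoever wrote the file, so treat `earliest_hit_mtime` as a starting point for reading logs, not as proof of when the compromise happened.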
