Malware/Virus less than 12 hours with XF

jfp77

I am trying to be really calm right now. However, just after I had my VB imported to XF, I am contacted by my hosting company saying they are going to drop me because I have a virus/malware/corrupted files. Can someone please help me understand how this could have happened? I am getting really shaky over this because I have customers who are paying to access the site and now all of my domains are being shut down. What could have caused this?
 
Your hosting company is acting a little strange. I had this problem once on vB and mine helped me to clean everything.

ON LOCAL
1) You need to check your computer is not infected
2) You need to delete all account passwords of your FTP client (never store them)
3) Try in the future to use SFTP

ON YOUR WEBSITE
1) Clean everything that has been infected... your hosting company is supposed to help you do that
2) Change all your main passwords (and choose strong passwords... not ones of 5-6 characters)
3) Don't share those passwords with people you don't trust
 
Okay. Well I had someone import my VB to XF, do you think the virus came from the VB? Or their computer? Or my computer? (I've never had this happen before).

I'll take SFTP into consideration. I didn't even know that was an option.

My hosting company said that when their terms of service department opens in 2 hours I can talk to them and they will tell me what files are corrupted. I can then hire or have a tech remove the files. If I don't do this, everything will be deleted in 15 days.

I'll change all my passwords. I guess I need to look into a program that can generate and store passwords for me so that I am not trying to remember them all the time.

This is an absolute nightmare. I have gone through so much and so much work in the last few days to get this going and I have no energy left to deal with this. I'm sorry for the 'emotional outburst' here. It's 3 in the morning and I can't do anything about it right this second.

Thanks for your help, I appreciate it.

ETA: They deactivated my cPanel, so I can't even get in.
 
Also, are you running any other scripts on the server? I once got hacked and it infected vB; after it was cleaned we found out they gained access through some cheap/small script. If it were XF, there should be more complaints from other customers by now.

The best thing to do is let them remove everything (of course keep a backup of databases) and then reinstall with new passwords and clean files.
 

That's what I was wondering. If the malware was an XF thing, I would have seen it or been warned before I bought it. At least I hope so! Does that mean when I reinstall everything that all my designs will be lost with my forum? I know it sounds lame, but that took me forever to do little tweaks and changes. I don't know if there are scripts running besides WordPress. I have a bunch of WordPress blogs on there, about 5-6, but they are all up to date.
 
I have never heard the term malware and XenForo used in the same sentence before.

Mind if I ask who did the import for you? Was it someone reputable?

Also, get as much information from your hosts ASAP as to what files are corrupted. Tell them you have the software's "support team" (not entirely accurate but we're all here to help) looking into it and we will definitely find the cause and get it fixed ASAP.
 
Update - They are running the search right now. Once finished they will notify me and I can then log in to see what files are corrupted. They said that sometimes good files can look corrupted, so I'd have to go through and see which ones were really hacked. Once they are deleted, then I'll have to change all my passwords, and they will reinstate my sites/server.

I have no idea which files are going to be damaged/corrupted. They said they could have wiped the whole thing but wanted to give me the "cleaning out" option to save my forum files or other business related stuff.
 
Okay, just got the list back of malware/infected items. The good news is that it looks like 99% of them are all VERY old website templates or files that have been inactive on my server. I didn't see any VB or XF files in there. Any suggestions on how I go about deleting all of these? Can I just delete the actual file, or is there more of a deep cleaning process to it to make sure they are really gone. Thanks for your help guys!
 
So you have a company managing your server/vps for you? And they shut down and threatened to delete your whole site? That in itself sounds suspicious to me. The company who provides my VPS has NO access to it at all.

Maybe I just have myself confused with terms. I host with a hosting company. They emailed me this morning to say that I have 15 days to remove the malware, or they will drop me from hosting and delete all my files...so now that I know which files are which, I can just go in and start "right clicking > delete" right...?
 
Even if some XenForo or vBulletin files had been infected, it wouldn't imply the problem was coming from them. Some malware can contaminate the files of all your servers.

> ... your hosting company found the infected files and doesn't help you to delete them??!
> what is the name of your malware? Try to scan and check your server backups too
> For strong passwords, you can find many generators online and even cPanel has one (http://strongpasswordgenerator.com; you can send yourself the password in an email without any other information)
> For SFTP, ask your hosting company to provide you the SSH port; you will need to create a key in cPanel (I forgot how to do it, it's been a long time) then use it on your computer.
 
The only file we replaced in the upgrade was the /xenforo/import/vbulletin.php file, as the import was a vB4 forum. At the time I performed the import, the vB4 importer was the only add-on installed.

Jess, if you can PC me the list of files, I can try and investigate for you. I'd say deleting the files is the first step, but it's equally important to determine how infected files ended up on the server, as it might happen again.
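
Added example, not part of the original posts: a read-only audit for after the cleanup discussed in this thread. It reports which entries from the host's list still exist, which script files changed recently, and which top-level folders have sat untouched for years. The function name, extension set and day thresholds are assumptions.

```python
import os
import time
from pathlib import Path

SCRIPT_EXTS = {".php", ".phtml", ".js"}  # assumption: file types worth reviewing
DAY = 86400

def newest_mtime(directory):
    """Latest modification time of any file under directory (0.0 if empty)."""
    latest = 0.0
    for base, _dirs, files in os.walk(directory):
        for name in files:
            latest = max(latest, os.lstat(os.path.join(base, name)).st_mtime)
    return latest

def audit_web_root(web_root, flagged, recent_days=14, stale_days=730, now=None):
    """Read-only report on a web root; nothing is deleted or modified."""
    root = Path(web_root).resolve()
    now = time.time() if now is None else now
    report = {"still_present": [], "recent_scripts": [], "stale_dirs": []}

    # 1. Paths from the host's list that still exist. Blank lines and
    #    entries resolving outside the web root are ignored.
    for rel in flagged:
        target = (root / rel.strip().lstrip("/")).resolve()
        if root in target.parents and target.exists():
            report["still_present"].append(rel.strip())

    # 2. Script files changed recently: each should match a change you
    #    made yourself (an upgrade, an import, a template edit).
    cutoff = now - recent_days * DAY
    for base, _dirs, files in os.walk(root):
        for name in files:
            path = Path(base) / name
            if path.suffix.lower() in SCRIPT_EXTS and path.lstat().st_mtime >= cutoff:
                report["recent_scripts"].append(str(path.relative_to(root)))
    report["recent_scripts"].sort()

    # 3. Top-level folders where nothing changed for stale_days: forgotten,
    #    unmaintained sites like the old templates on the host's list.
    for entry in sorted(root.iterdir()):
        if entry.is_dir() and not entry.is_symlink():
            if newest_mtime(entry) < now - stale_days * DAY:
                report["stale_dirs"].append(entry.name)
    return report
```

Modification times can be reset by whoever wrote a file, so an empty `recent_scripts` list does not prove nothing was changed.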
 
Okay, everything is FINE. I deleted all of the files on the malware list. They were all old website templates in folders that hadn't been used for years! I did a quick clean up too and got rid of anything that didn't need to be there. I am not savvy with the cPanel tech stuff, but I've learned a great lesson here of keeping your file manager (folders/files) cleaned up and organized. Thanks for all of your help. I am SO thrilled with the response and my new XF forum is wonderful. It is so much easier to use than VB was. Thanks guys! :D
 