Rebels Team. Hacked

Discussion in 'Off Topic' started by Ross Hardy, Aug 18, 2013.

  1. Ross Hardy

    Ross Hardy Member

    Hey there.

    So today while I was out at work, a -very stupid- team of hackers decided to target my forums. Our FTP is VERY secure; they could not have had any way of getting through my FTP. This leads me to believe that they found some leak or loophole in the PHP of XenForo, considering every site they use is PHP based.

    Here are some hotlinks:
    The index.php they used (Via mediafire)
    The index.php in action on my forums
    Their facebook where they have a wall of hacked sites
    Their photobucket where half their images are kept

    I am not 100% sure how they did it, they may have very well got our FTP; however, I am sure if they did that, they'd have damaged much more than our index.php. Replacing their hacked index.php with the original was all that needed doing.

    You may well already be aware of this, if so I am sorry, I did a quick search for "rebel" to see if this was a dupe post.

    Thanks - And good luck :)
  2. Brogan

    Brogan XenForo Moderator Staff Member

    Are you on a shared server?

    How do you know they didn't compromise the server itself?

    Have you checked the server logs to see who accessed what and when?
  3. Ross Hardy

    Ross Hardy Member

    Eyhhh. I am looking into it, done a lot of research on it already. This may very well not be an issue of xenforo, I don't directly have access to the logs at this moment but I will be looking when I can get the access.

    The site we use is on a hosting plan, not a dedicated machine if that is what you mean. As I said, I am not 100% sure how they did this, I just wanted to raise this to everyone's attention, as it looks like a paid service, it could happen to everyone or anyone.
  4. Brogan

    Brogan XenForo Moderator Staff Member

    You should contact your host and ask them how they gained access.

    My guess is either the server itself was compromised, possibly from another account, or one of your admin passwords was.

    In three years there have been no reports of the XenForo software being vulnerable to hacking.
  5. borbole

    borbole Well-Known Member

    Indeed, there are no known security issues with XenForo. What other scripts do you have installed in your server space besides XenForo?

    If I were you, I would contact the host as well so they can check the access logs for around the time of the hack and to see what went down and how it did.
  6. Ross Hardy

    Ross Hardy Member

    Nothing. Only the forums are on our server. However I trust in the integrity of your words Brogan and Borbole, I will indeed look into this further when I can.

    In the meantime, instead of this being a bug report then, take it as a warning. I felt it my duty to try to at least get a message about these prats before someone else falls victim. If you check that facebook link, it implies they do it for a hobby/job as their bank balance is over 2k, and means they do it on request.
  7. MattW

    MattW Well-Known Member

    The fact you are on a shared hosting plan and what was done was an index replacement, suggests what @Brogan said about another site on the hosting server being compromised, and gained access to all the other accounts on the box.
  8. alistaire_alist

    alistaire_alist New Member

    You just saved my life there.
    A little while after this post, but: did you finally find out how they managed to get in? Some of the websites I managed got hacked.
    Thanks for the replies
  9. Ross Hardy

    Ross Hardy Member

    I can't remember the result if I am completely honest. My host said there was no sign of malicious assault and no one else but me reported this happening on the box.

    Did you get hacked by the same team?
  10. Mike Edge

    Mike Edge Formerly Da Bookie Mon

    We host some large communities along with our share of controversial forums, all on our shared hosting platform. We have never had a client hacked or defaced. You can rest assured that XenForo is very safe and secure. It is in fact one of the best written PHP applications. From the screenshots, it seems your account wasn't compromised, it was defaced by PHP injection from either an application within your account or via another client's account, indicating your host's server is not very secure. Do you have any other PHP applications on your account like maybe WordPress, webmail or maybe a PHP ad server?
  11. alistaire_alist

    alistaire_alist New Member

    Thanks for the prompt reply. Yes, same people; they hacked the websites as they were on one shared hosting. I contacted our host; they never replied nor looked into it. We wanted to know how they did it before we deinstall and reinstall, but your post saved us some time.

