XF 1.5 redir.php downloaded from my forum after logging in.

I never had this issue before. After the first time, I cleared my cache as I thought it may have been some weird issue but I have received it again right afterwards. It happened after I logged into my forum.


I opened the file and it seems to have some sort of gif header.
First step would be checking the file health check to see if anything appears there.
No issue's there except showing no files in my install directory is there which is expected since I delete the directory after every install/update.


XenForo developer
Staff member
It could be injected at the server level (worth noting that I didn't see any requests for it when I loaded the page). In terms of XF, the best you can really do is ensure there aren't any unexpected files (which won't be checked by the file health check, though they won't be loaded automatically) and rebuild the master data via /install/. Ideally, you'd want to restore a backup (files and database) from prior to the issue occurring to ensure nothing is untoward.