
XF 1.5 redir.php downloaded from my forum after logging in.

Discussion in 'Troubleshooting and Problems' started by 1im, Aug 25, 2015.

  1. 1im

    1im Member

    I never had this issue before. After the first time, I cleared my cache as I thought it may have been some weird issue but I have received it again right afterwards. It happened after I logged into my forum.

    ehhhh.png

    I opened the file and it seems to have some sort of gif header.
     
  2. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Can you attach the file or is it too large?
     
  4. 1im

    1im Member

    Well can't attach, no php, no txt allowed. Can't add all uni characters in quote.
     
  7. Coop1979

    Coop1979 Well-Known Member

    Do a search through your templates for anything with redir.php, or a string from the uni characters.
     
  8. 1im

    1im Member

    Which UNI chars? The ones in the file?
     
  9. Coop1979

    Coop1979 Well-Known Member

    Yes. Also search through the files in your XenForo forum directory.
     
  10. Mike

    Mike XenForo Developer Staff Member

    First step would be checking the file health check to see if anything appears there.
     
  11. 1im

    1im Member

    No issues there, except it shows no files in my install directory, which is expected since I delete the directory after every install/update.
     
  12. Mike

    Mike XenForo Developer Staff Member

    It could be injected at the server level (worth noting that I didn't see any requests for it when I loaded the page). In terms of XF, the best you can really do is ensure there aren't any unexpected files (which won't be checked by the file health check, though they won't be loaded automatically) and rebuild the master data via /install/. Ideally, you'd want to restore a backup (files and database) from prior to the issue occurring to ensure nothing is untoward.
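
One way to carry out the checks suggested in this thread (searching the forum directory for redir.php, looking for unexpected files, and spotting files that carry a GIF header without being images), as an added example that is not part of the original thread or XenForo's own tooling. It assumes a clean copy of the same release has been extracted to a separate directory; `audit`, `clean_root` and `live_root` are names chosen here.

```python
import hashlib
import os
import sys

GIF_MAGICS = (b"GIF87a", b"GIF89a")  # the two standard GIF signatures


def tree_hashes(root):
    """Map every file path (relative to root) to its SHA-256 digest."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            hashes[os.path.relpath(full, root)] = digest
    return hashes


def audit(clean_root, live_root, needle=b"redir.php"):
    """Compare the live tree against a clean copy of the same release."""
    clean, live = tree_hashes(clean_root), tree_hashes(live_root)
    report = {"unexpected": [], "modified": [],
              "mentions_needle": [], "gif_header_mismatch": []}
    for rel in sorted(live):
        if rel not in clean:
            report["unexpected"].append(rel)      # not shipped in the release
        elif clean[rel] != live[rel]:
            report["modified"].append(rel)        # shipped, but content differs
        with open(os.path.join(live_root, rel), "rb") as fh:
            data = fh.read()
        if needle in data:
            report["mentions_needle"].append(rel)
        # GIF signature on a file that is not named .gif, or that also has PHP
        named_gif = rel.lower().endswith(".gif")
        if data[:6] in GIF_MAGICS and (not named_gif or b"<?php" in data):
            report["gif_header_mismatch"].append(rel)
    return report


if __name__ == "__main__":
    # usage: python audit.py /path/to/clean-copy /path/to/live-forum
    for kind, paths in audit(sys.argv[1], sys.argv[2]).items():
        for rel in paths:
            print(f"{kind}: {rel}")
```

Legitimate site-specific files (your configuration file, uploaded attachments, add-on files) will also be listed as unexpected, so treat the output as a review list rather than a verdict.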
     
