Site hijacked

justinhowe

Member
Hi all,

Earlier this month my site was hijacked. It appears somebody dropped a .ftpquota file and default.html file into the root directory, which of course made it so that a links landing page that they developed appeared instead of my site. Deleting those two fixed it, but I'm wondering how they were able to do this.

My current addons are below, and I'm running XF 1.5.11. Any ideas?

[Attachment: upload_2017-4-27_13-33-5.png]
 

Brogan

XenForo moderator
Staff member
Uploading files to the domain root would typically require server access.

Unless one of the add-ons you have installed has a backdoor or malicious code, you should be checking to see how they accessed the server.
Inspecting logs may help - your host may be able to assist with that if you are unsure.

You will also need to audit and remove the exploit - that is potentially a difficult task and in the worst case may require a server wipe and rebuild.
 

justinhowe

Member
I should have mentioned "root" is "public_html", not server root. The host is Host Gator shared hosting on Linux.
 

Brogan

XenForo moderator
Staff member
With it being shared hosting, it could be due to any other account on the server, especially ones which have old/insecure versions of software (e.g. WordPress).

You will likely need to get your host involved.
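
As an added example (not part of the thread and not XenForo code), this is one way to start the audit suggested above: list everything under `public_html` that changed around the incident and flag files in the web root that are not in a known-good baseline, such as the `default.html` and `.ftpquota` files described in the first post. The baseline set, the `INDEX_NAMES` list and the sample tree are assumptions constructed for the demonstration.

```python
import os
import tempfile
import time
from pathlib import Path

# Assumption: file names a web server may serve ahead of the forum's index.php.
INDEX_NAMES = {"default.html", "default.htm", "index.html", "index.htm"}


def audit_docroot(docroot, start, end, baseline):
    """List files changed between start and end (epoch seconds), with reasons
    for any that look out of place. baseline = names expected in the web root."""
    root = Path(docroot)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            st = path.lstat()
            # mtime can be set back by whoever wrote the file; ctime (inode
            # change time on Linux) cannot be set with utime(), so use the later.
            changed = max(st.st_mtime, st.st_ctime)
            if not start <= changed <= end:
                continue
            reasons = []
            if path.parent == root and name not in baseline:
                reasons.append("not in baseline")
                if name.lower() in INDEX_NAMES:
                    reasons.append("possible directory index")
            if name.startswith("."):
                reasons.append("dotfile")
            findings.append((path.relative_to(root).as_posix(), reasons))
    return sorted(findings)


def build_sample(tmp):
    """Constructed sample tree: expected files plus the two dropped ones."""
    for rel in ("index.php", "admin.php", "library/config.php",
                "default.html", ".ftpquota"):
        p = Path(tmp) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("sample\n")
    # Backdate default.html's mtime by a year; its ctime still shows the write.
    old = time.time() - 365 * 86400
    os.utime(Path(tmp) / "default.html", (old, old))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        now = time.time()
        for rel, why in audit_docroot(tmp, now - 3600, now + 60, {"index.php", "admin.php"}):
            print(rel, "; ".join(why) or "changed in window")
```

The change times it reports give the window to look for in the access and transfer logs the host holds.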
 