Site hijacked

[justinhowe]

Hi all,

Earlier this month my site was hijacked. It appears somebody dropped a .ftpquota file and default.html file into the root directory, which of course made it so that a links landing page that they developed appeared instead of my site. Deleting those two fixed it, but I'm wondering how they were able to do this.

My current addons are below, and I'm running XF 1.5.11. Any ideas?

 

[Paul B]

Uploading files to the domain root would typically require server access.

Unless one of the add-ons you have installed has a backdoor or malicious code, you should be checking to see how they accessed the server.
Inspecting logs may help - your host may be able to assist with that if you are unsure.

You will also need to audit and remove the exploit - that is potentially a difficult task and in the worse case may require a server wipe and rebuild.

 

[Brent W]

Depending on your server setup there could be multiple points of entry.

 

[justinhowe]

I should have mentioned "root" is "public_html", not server root. The host is Host Gator shared hosting on Linux.

 

[Paul B]

With it being shared hosting, it could be due to any other account on the server, especially ones which have old/insecure versions of software (e.g. WordPress).

You will likely need to get your host involved.