
XF 1.5 Some idiot keeps uploading files to the SERVICE DIR, how to avoid?

Discussion in 'Troubleshooting and Problems' started by fionix, Jul 11, 2016.

  1. fionix

    fionix Member

    There is some script kiddie that keeps uploading movies to the SERVICE directory in the XF directory.

    I have renamed the DIR now to see if the forum still works if I would remove the directory entirely; it seems it still works just fine.

    Can someone let me know what the SERVICE directory is used for?

  2. Chris D

    Chris D XenForo Developer Staff Member

    The Zend/Service directory will be accessed by some XF functions.

    Notably our ReCaptcha, Twitter and Akismet integrations.

    You may not use all of them, however, regardless of this the behaviour you are describing is concerning to say the least.

    You need to put some serious effort into identifying how they are making that directory accessible. This is almost certainly something you should make your host aware of as they may be able to shed some light via their logs as to how this is being accessed, by who and when, which may be part of the process of identifying how it is happening and how to stop it.

    Your host will likely have more advice, but be sure to audit all of the access to your site including cPanel and FTP and reset all of your login details for everything.
  3. fionix

    fionix Member

    The problem is the HOST gives a S... about it, they provide servers and the rest is up to you :D There is Plesk and a firewall installed so it's possible to do some securing of the server.. will have to search the logs and see if I can find something. SSH is closed so FTP may be the way they get in, don't know, will have to see.. the LOG is insanely big :)
  4. Tracy Perry

    Tracy Perry Well-Known Member

    Is this a Windows server using Plesk?
  5. fionix

    fionix Member

    Nope Linux
  6. Tracy Perry

    Tracy Perry Well-Known Member

    Check your permissions. Make sure they are 644 for the files and 755 for the /library and all subdirectories and files. It sounds like you have a slight misconfiguration.
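
A read-only audit along the lines of the permission check suggested in the post above, as an added example that is not part of the thread or of XenForo. The function name `audit_library`, the report labels and the 1 MiB size threshold are assumptions; the owner shown for large files indicates which account (FTP user or web server user) wrote them.

```shell
#!/bin/sh
# Added example: audit a library tree against the modes suggested in the
# thread (644 for files, 755 for directories) and flag writable entries and
# unusually large files. Nothing is modified.
# Returns 0 if clean, 1 if there are findings, 2 if the path is not a directory.

audit_library() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    report=$(
        # Directories and files whose mode differs from the suggested values
        find "$root" -type d ! -perm 755 -print | sed 's/^/DIR_MODE /'
        find "$root" -type f ! -perm 644 -print | sed 's/^/FILE_MODE /'

        # Group- or world-writable entries let another account drop files here
        find "$root" ! -type l \( -perm -002 -o -perm -020 \) -print \
            | sed 's/^/WRITABLE /'

        # PHP source files are small; anything over 1 MiB (2048 blocks of
        # 512 bytes, an assumed threshold) deserves a look. ls -ld shows the
        # owner and modification time to correlate with FTP and web logs.
        find "$root" -type f -size +2048 -exec ls -ld {} + | sed 's/^/LARGE /'
    )

    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Stand-alone use: sh audit.sh /path/to/xenforo/library
if [ "$#" -gt 0 ]; then
    audit_library "$1"
fi
```
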
  7. fionix

    fionix Member

    They are set like this.. it is always in the ZEND DIR and DIR's within there they place these videos!
  8. adwade

    adwade Active Member

    My first thought is I would be running Tripwire, to audit what is going on in every directory, not just the SERVICE directory. My second thought is you might want to consider running PHP Mussel to help protect against any really undesirable uploads. (Info Thread here)
    Last edited: Jul 13, 2016
  9. fionix

    fionix Member

    Thanks for the software recommendation. I have tried to figure it out with Tripwire but it seems it's not free and for nerds :D
  10. teletubbi

    teletubbi Active Member

  11. adwade

    adwade Active Member

    It's fairly simple to install, just put the tripwire.php & tripwire_config.php files into the root directory of your website (i.e. the same directory that your XenForo index.php is in).

    Then add your email to the tripwire_config.php file:
       'email' => array(
          'to' => array(            // Email these people on changes
            'your_email@yourwebsite.com'  // 'user@server.com'
          ),
       ),
    Lastly then, you just visit the URL http://www.yourwebsite.com/tripwire.php to invoke it whenever you want to check on what has changed.