1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.4 vunrability

Discussion in 'Troubleshooting and Problems' started by Brad P, Apr 24, 2015.

  1. Brad P

    Brad P Active Member

    Evening all,

    Not sure if my site is being attacked but my host has confirmed it's not a DDOS

    it's being attacked using a vunrability on the website on the index.php

    What can I do?
  2. Brogan

    Brogan XenForo Moderator Staff Member

    How is it being attacked exactly?

    How has your host determined it is due to index.php?
  3. Brad P

    Brad P Active Member

    Picture below is from my host.

    Attached Files:

  4. Brad P

    Brad P Active Member

    The people looking at it that told my host was Cisco
  5. Sheratan

    Sheratan Well-Known Member

    What is a connection between fail2ban and index.php? A brute force to your xenforo login?
  6. Brogan

    Brogan XenForo Moderator Staff Member

    You haven't actually posted any details other than a very poorly worded message from your host who appears to be trying to sell you something.
  7. Mike

    Mike XenForo Developer Staff Member

    I'm very much not clear on what they're claiming the issue is. Fail2ban is generally used to attach failed logins (usually SSH) to iptables to block brute force attempts. What are they saying is actually happening?

    If it's just a lot of hits to index.php, that would indicate your traffic is much higher and that may indeed be a (D)DoS, though targeted at layer 7 (the app) rather than layer 3 (the network). Traditional DDoS mitigations don't really handle layer 7 attacks. They potentially need to be mitigated individually by identifying the signature and blocking the requests. This generally needs to be done at steps above the application (such as in iptables; the farther the request gets in, the less effective mitigation is).

Share This Page