XF 1.4 vunrability

[Brad P]

Evening all,

Not sure if my site is being attacked but my host has confirmed it's not a DDOS

it's being attacked using a vunrability on the website on the index.php

What can I do?

 

[Paul B]

How is it being attacked exactly?

How has your host determined it is due to index.php?

 

[Brad P]

Picture below is from my host.

 

[Brad P]

The people looking at it that told my host was Cisco

 

[Sheratan]

What is a connection between fail2ban and index.php? A brute force to your xenforo login?

 

[Paul B]

You haven't actually posted any details other than a very poorly worded message from your host who appears to be trying to sell you something.

 

[Mike]

I'm very much not clear on what they're claiming the issue is. Fail2ban is generally used to attach failed logins (usually SSH) to iptables to block brute force attempts. What are they saying is actually happening?

If it's just a lot of hits to index.php, that would indicate your traffic is much higher and that may indeed be a (D)DoS, though targeted at layer 7 (the app) rather than layer 3 (the network). Traditional DDoS mitigations don't really handle layer 7 attacks. They potentially need to be mitigated individually by identifying the signature and blocking the requests. This generally needs to be done at steps above the application (such as in iptables; the farther the request gets in, the less effective mitigation is).