XF 1.4 Xenforo Shell found

C

Console Crunch

Member
Hello,

I have found a shell on this directory Called Controller.php

internal_data/attachments/0/Controller.php

How has been added? only my ip has access into my ftp to avoid possible hackers

This file not exist on my last backup so is recently

I just deleted all extensions allowed on the Attachments options
 
Sort by date Sort by votes
Look like an hack attempt.

Won't be successful, because /internal_data cannot be accessed from outside (if you setup XenForo correctly).

I recommend to bring your server offline and check it completely for any trojans and backdoors.

How you setup your FTP is not very important for hackers trying to access your server.
 
Upvote 0 Downvote
HWS said:
Look like an hack attempt.

Won't be successful, because /internal_data cannot be accessed from outside (if you setup XenForo correctly).

I recommend to bring your server offline and check it completely for any trojans and backdoors.

How you setup your FTP is not very important for hackers trying to access your server.
Click to expand...


How they uploaded it?
 
Upvote 0 Downvote
You may want to look through your access logs to see if that file was accessed (or if access was attempted). That might also give you some information of how they managed to get the file there (an earlier request by them perhaps).

This is not a file that would have been created via XenForo. I assume that the files created by your web server have a different owner than your core XenForo files. If so, then you can check the ownership of this file to see if it was created by the web server; if so, the file was likely created by a vulnerability somewhere; if not (and other XenForo-created files are), then it would have been done via something like FTP.

Bear in mind that the vector could also be any application installed on the server. If you're on a shared server, it may even be that the issue was from another site on the server.
 
  • Like
Reactions: HWS
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

Joao Prates
  • Question Question
XF 2.2 2.2.15 - An upgrade was found for a version of XenForo that is newer than the uploaded files
Replies
11
Views
817
Joao Prates
Joao Prates
K
As designed XenForo SSO does not work for admin panel login
Replies
4
Views
143
Kirby
K
bbqchef33
  • Question Question
XF 2.2 googe claims ads.txt missing on Xenforo Cloud forum
Replies
2
Views
196
JustinHawk
JustinHawk
R
Baffling speed issues Xenforo 2.1.1 on a shared Godaddy server Max_User_Connections errors
Replies
15
Views
646
RedVee
RedVee
Chernabog
Not a bug Xenforo 2.2 -- Some forums are not showing correct thread counts (e.g. 0 when there's 10)
Replies
3
Views
397
Chernabog
Chernabog
Top Bottom