XF 1.4 Xenforo Shell found

C

Console Crunch

Member
Hello,

I have found a shell on this directory Called Controller.php

internal_data/attachments/0/Controller.php

How has been added? only my ip has access into my ftp to avoid possible hackers

This file not exist on my last backup so is recently

I just deleted all extensions allowed on the Attachments options
 
Sort by date Sort by votes
Look like an hack attempt.

Won't be successful, because /internal_data cannot be accessed from outside (if you setup XenForo correctly).

I recommend to bring your server offline and check it completely for any trojans and backdoors.

How you setup your FTP is not very important for hackers trying to access your server.
 
Upvote 0 Downvote
HWS said:
Look like an hack attempt.

Won't be successful, because /internal_data cannot be accessed from outside (if you setup XenForo correctly).

I recommend to bring your server offline and check it completely for any trojans and backdoors.

How you setup your FTP is not very important for hackers trying to access your server.
Click to expand...


How they uploaded it?
 
Upvote 0 Downvote
You may want to look through your access logs to see if that file was accessed (or if access was attempted). That might also give you some information of how they managed to get the file there (an earlier request by them perhaps).

This is not a file that would have been created via XenForo. I assume that the files created by your web server have a different owner than your core XenForo files. If so, then you can check the ownership of this file to see if it was created by the web server; if so, the file was likely created by a vulnerability somewhere; if not (and other XenForo-created files are), then it would have been done via something like FTP.

Bear in mind that the vector could also be any application installed on the server. If you're on a shared server, it may even be that the issue was from another site on the server.
 
  • Like
Reactions: HWS
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

AjayJunkies
Have you found success using forum tags?
Replies
13
Views
240
philmckrackon
philmckrackon
Baby Community
xenforo I'm glad I found you. My last and most important Project is in Garanti.
Replies
2
Views
85
Baby Community
Baby Community
P
  • Question Question
XF 2.3 When registering as a member in Xenforo, show the Membership Agreement Form before registration
Replies
3
Views
51
Mr Lucky
Mr Lucky
Joao Prates
  • Question Question
XF 2.2 2.2.15 - An upgrade was found for a version of XenForo that is newer than the uploaded files
Replies
11
Views
878
Joao Prates
Joao Prates
Ameeno
  • Question Question
How can we give someone access Xenforo to download anything without logging or Regisiterd in and clicking on the Xenforo/Forum?
Replies
1
Views
56
Jeremy P
Jeremy P
Back
Top Bottom