Question
My site index.php gets attack twice a day & index.php is changed automatically with unreadable code.
- Posted on November 17, 2021
- NginxDigitalOceanPostgreSQLPHPLinux Basics
Asked by applelappala
One of my site https://www.noobsplanet.com is hacked twice a day, seems like some malware or bot attack is being done. It’s like almost a month now I have been facing this issue daily. This site is actually a xenforo cms, but the index.php changed to wordpress index.php with some unreadable code. I have attached them below. I have to replace index.php everyday to make it work. Please help me address this issue. I have changed password for root, digital ocean & also cms admin but the issue is same. Thanks.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Hello,
This sounds like a vulnerability in your CMS rather than a server vulnerability.
What I could suggest is checking your access logs and finding out what request is used to insert this malicious code into the index.php file.
What you could do is first check the time that the index.php file was modified (you can use
ls -lah index.phpto check that), and then in your access log, look for this specific time period.Once you have the request that is responsible for the problem, you will be able to tell which part of your CMS is being exploited and patch it.
I am not very familiar with Xenforo itself but I would recommend making sure that you do the following:
Let me know how it goes. Regards, Bobby