One of my site https://www.noobsplanet.com is hacked twice a day, seems like some malware or bot attack is being done. It’s like almost a month now I have been facing this issue daily. This site is actually a xenforo cms, but the index.php changed to wordpress index.php with some unreadable code. I have attached them below. I have to replace index.php everyday to make it work. Please help me address this issue. I have changed password for root, digital ocean & also cms admin but the issue is same. Thanks.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Click below to sign up and get $100 of credit to try our products over 60 days!
Hello,
This sounds like a vulnerability in your CMS rather than a server vulnerability.
What I could suggest is checking your access logs and finding out what request is used to insert this malicious code into the index.php file.
What you could do is first check the time that the index.php file was modified (you can use
ls -lah index.php
to check that), and then in your access log, look for this specific time period.Once you have the request that is responsible for the problem, you will be able to tell which part of your CMS is being exploited and patch it.
I am not very familiar with Xenforo itself but I would recommend making sure that you do the following:
Let me know how it goes. Regards, Bobby