By applelappala
One of my sites, https://www.noobsplanet.com, is hacked twice a day; it seems like some malware or bot attack is being carried out. It has been almost a month now that I have been facing this issue daily. This site is actually a XenForo CMS, but the index.php gets changed to a WordPress index.php with some unreadable code. I have attached them below. I have to replace index.php every day to make it work. Please help me address this issue. I have changed the passwords for root, DigitalOcean and also the CMS admin, but the issue is the same. Thanks.
Hello,
This sounds like a vulnerability in your CMS rather than a server vulnerability.
What I could suggest is checking your access logs and finding out what request is used to insert this malicious code into the index.php file.
What you could do is first check the time that the index.php file was modified (you can use `ls -lah index.php` to check that), and then in your access log, look for this specific time period.
Once you have the request that is responsible for the problem, you will be able to tell which part of your CMS is being exploited and patch it.
I am not very familiar with XenForo itself but I would recommend making sure that you do the following:
Let me know how it goes. Regards, Bobby
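The log check described in the answer above, as an added example that is not part of the original answer: it reads the modification time of a file and lists the access-log requests made in the minutes before it, with POST/PUT requests first. It assumes the web server writes common/combined log format; the sample log lines, IP addresses and paths are constructed.

```python
import os
import re
import sys
from datetime import datetime, timedelta, timezone

# Common/combined log format: IP - - [12/Mar/2024:03:14:41 +0000] "POST /x HTTP/1.1" 200 ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges, made-up paths), not from the poster's server.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:03:10:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [12/Mar/2024:03:14:41 +0000] "POST /example/endpoint HTTP/1.1" 200 312 "-" "curl/8.0"',
    '203.0.113.7 - - [12/Mar/2024:03:14:47 +0000] "GET /styles/site.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2024:04:30:00 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

def file_change_time(path):
    """mtime of the file (what `ls -l` shows) as an aware UTC datetime.
    mtime can be reset by whoever wrote the file; `stat` also shows ctime to compare."""
    return datetime.fromtimestamp(os.stat(path).st_mtime, tz=timezone.utc)

def requests_near(log_lines, changed_at, before=timedelta(minutes=5), after=timedelta(seconds=5)):
    """Return parsed requests logged shortly before the file changed.
    A few seconds after are included because, depending on the server,
    an entry may be stamped when the request finishes."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in common/combined format (e.g. malformed request line)
        ip, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")  # honours the log's UTC offset
        if changed_at - before <= when <= changed_at + after:
            hits.append({"time": when, "ip": ip, "method": method,
                         "path": path, "status": int(status)})
    # Requests that carry a body are the likeliest to have written the file: list them first.
    hits.sort(key=lambda h: (h["method"] not in ("POST", "PUT"), h["time"]))
    return hits

if __name__ == "__main__":
    # Usage: python3 this_script.py /path/to/index.php /path/to/access.log
    target, log_path = sys.argv[1], sys.argv[2]
    with open(log_path, errors="replace") as fh:
        for h in requests_near(fh, file_change_time(target)):
            print(h["time"].isoformat(), h["ip"], h["method"], h["path"], h["status"])
```

If the file is rewritten several times a day, run it after each change and compare the results: a path and client that show up before every modification are the ones to examine.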