https://chhimi.com/

Anna

Well-known member
Registered
Joined
May 18, 2020
Messages
152
Points
38

Reputation:

Some days ago I found an echo inside XF.php that adds an analytic script to my forum hosted at:

https://chhimi.com/

My files are normally only from here.
Maybe I got a file with this information, a file that adds this information to my XF.php, or someone was on my server to add this.

Maybe you should check your own XF.php!
 

thomsa

Moderator
Staff member
Moderator
S.V.I.P Member
Collaborate
Registered
Joined
Jun 22, 2019
Messages
1,167
Points
173

Reputation:

If you download files from enxf and @ENXF NET @BattleKing, it's clear and clean.

If you download from another user, I don't know.
 

aab985030

Well-known member
Registered
Joined
Oct 11, 2023
Messages
115
Points
38

Reputation:

Can you share your XF.php file please so I can compare?
 

Anna


Open XF.php, and scroll down to the end;
use mc and search for chhimi
use grep, do the same
 

thomsa

I think that is from your hosting.
 

Anna


I found out that the jquery*.min.js file was also compromised with a reference to edveha.com/adcount.js.
 

thomsa

What version of XF?

And was it downloaded from an enxf resource or from a user share?
 

Anna


I have checked all files from this version on my workstation, and they were all clean. Unfortunately, it appears that someone has accessed the system. The admins have been informed.
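
Added example (not part of the original posts): one way to run the two checks this thread describes, searching a web root for the strings `chhimi` and `edveha.com/adcount.js` and comparing every PHP/JS file against a clean copy of the same version. The directory layout, file names and sample contents are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Indicator strings are the two named in
# the posts above; all file names and contents below are constructed.
INDICATORS='chhimi|edveha\.com/adcount\.js'

# Print PHP/JS files under directory $1 that contain an indicator string.
scan_indicators() {
    find "$1" -type f \( -name '*.php' -o -name '*.js' \) \
        -exec grep -lE "$INDICATORS" {} + | LC_ALL=C sort
}

# Compare live tree $2 byte-for-byte against clean reference tree $1.
# Reports changed files and files that exist only on the live side.
diff_against_clean() {
    local clean="$1" live="$2" rel
    (cd "$live" && find . -type f \( -name '*.php' -o -name '*.js' \)) |
    LC_ALL=C sort |
    while IFS= read -r rel; do
        if [ ! -f "$clean/$rel" ]; then
            echo "EXTRA    $rel"
        elif ! cmp -s "$clean/$rel" "$live/$rel"; then
            echo "MODIFIED $rel"
        fi
    done
}

# Constructed sample: a clean tree and a tampered copy of it in a temp dir.
make_demo() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/clean/src" "$d/clean/js"
    printf '<?php\nclass XF {}\n' > "$d/clean/src/XF.php"
    printf '/* minified library */\n' > "$d/clean/js/jquery.min.js"
    cp -R "$d/clean" "$d/live"
    printf '// constructed marker: chhimi\n' >> "$d/live/src/XF.php"
    printf '/* constructed marker: edveha.com/adcount.js */\n' >> "$d/live/js/jquery.min.js"
    printf '<?php // constructed unexpected file\n' > "$d/live/src/zz_unknown.php"
    echo "$d"
}

demo=$(make_demo)
scan_indicators "$demo/live"
diff_against_clean "$demo/clean" "$demo/live"
```

The byte comparison catches changed and unexpected files even when the injected content does not contain either known string, which the string search alone would miss.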
 

one_finger_man

Well-known member
Registered
Joined
Jan 20, 2022
Messages
419
Points
53

Reputation:

What you need to do is delete everything and let your hoster know this, change all passwords and close that account, and let them start you with a new one. You also want to protect your PHP file with
HTML:
<Files admin.php>
# 192.0.2.10 is a placeholder: put your own IP address here
Order Deny,Allow
Deny from all
Allow from 192.0.2.10
</Files>

Then add this to your install folder

HTML:
# 192.0.2.10 is a placeholder: put your own IP address here
Order Deny,Allow
Deny from all
Allow from 192.0.2.10
This will protect you from outside, but you don't want to give your friends or anyone your admin password.
In your install folder, add this with what I told you above: .htaccess
 