Calum Jones Posted February 16, 2022 Posted February 16, 2022 I'd like someone to please install a completely clean and fresh copy of Invision, while retaining our community posts, forums/subforums, and our WordPress SSO plugin. Is there somewhere I can buy this service?
Marc Posted February 16, 2022 Posted February 16, 2022 While we would not offer self hosted installation, given what you are asking, what is the reason you are looking to do this?
SeNioR- Posted February 16, 2022 Posted February 16, 2022 1 hour ago, Calum Jones said: while retaining our community posts, forums/subforums, and our WordPress SSO plugin. What about attachments in posts? It is better to overwrite the files than reinstalling the entire forum.
Calum Jones Posted February 16, 2022 Author Posted February 16, 2022 8 hours ago, Marc Stridgen said: While we would not offer self hosted installation, given what you are asking, what is the reason you are looking to do this? Hacking issues, impossible to tell if any of the files in there are dodgy or not, so we just want to keep our posts and clear everything else. I received quite a few offers but I was wanting an official employee to perform the service as it's a sensitive matter and also I'd like to keep my website private.
Calum Jones Posted February 16, 2022 Author Posted February 16, 2022 9 hours ago, Marc Stridgen said: While we would not offer self hosted installation, given what you are asking, what is the reason you are looking to do this? Our web host sent us this: " The only thing I can think about is that indeed there is a flaw within the forum CMS, What worries me here, is the fact that there are a couple of open directories like: css_built_0 css_built_1 javascript_core javascript_forums javascript_global monthly_2022_01 set_resources_1 set_resources_3 However there are JS files in here, so I wonder if the exploit is related to them somehow. Can you confirm further with Invisionboard if these directories are part of their forum CMS?"
Randy Calvert Posted February 16, 2022 Posted February 16, 2022 Those are all normal and correct folders. Each has a specific purpose/use. css_build_* are for CSS files. javascript_* are for various JS used in the software (core, forums, etc) monthly_* are uploads/attachments uploaded by users (avatars, pictures, files, etc) organized by month of upload so you don't have a million files in one folder. set_resources_* are related to theme assets/images.
Jim M Posted February 16, 2022 Posted February 16, 2022 38 minutes ago, Calum Jones said: Our web host sent us this: " The only thing I can think about is that indeed there is a flaw within the forum CMS, What worries me here, is the fact that there are a couple of open directories like: css_built_0 css_built_1 javascript_core javascript_forums javascript_global monthly_2022_01 set_resources_1 set_resources_3 However there are JS files in here, so I wonder if the exploit is related to them somehow. Can you confirm further with Invisionboard if these directories are part of their forum CMS?" Those folders are part of our software and would need to be writable for the software to build/cache respective aspects. IveLeft... 1
IveLeft... Posted February 16, 2022 Posted February 16, 2022 1 hour ago, Calum Jones said: Our web host sent us this: I would start looking for a new web host 2 hours ago, Calum Jones said: I was wanting an official employee to perform the service IPS will not offer this service for self-hosted - Your on your own with your host and any system admin you feel may be able to help do the job
Marc Posted February 17, 2022 Posted February 17, 2022 What your hosting company is pointing out as potential exploits there, unfortunately appears to be nothing short of guesswork. Those folders are intentionally writable by the system, and some will intentionally contain js files. To be honest, the fact 3 of them are specifically named javascript should probably raise flags about the hosting company that you are using. What is it that leads you to believe you have been hacked in the first place there? Have you considered our cloud platform, so that you dont have to deal with things like this at all?
Calum Jones Posted February 17, 2022 Author Posted February 17, 2022 8 hours ago, Marc Stridgen said: What your hosting company is pointing out as potential exploits there, unfortunately appears to be nothing short of guesswork. Those folders are intentionally writable by the system, and some will intentionally contain js files. To be honest, the fact 3 of them are specifically named javascript should probably raise flags about the hosting company that you are using. What is it that leads you to believe you have been hacked in the first place there? Have you considered our cloud platform, so that you dont have to deal with things like this at all? We have Sucuri and some other companies who have been dealing with the hacking issue for a long time (we are attacked repeatedly and the attacker inserts his own PayPal links in place of genuine checkout links). Malware files are often found in the forum folders, which was also the case when we were on a different forum software (we had an old version of vBulletin). Presently we have zipped the forum subfolder and the hacking has stopped. It does appear the attacker has managed to sneak something bad into the forum subdirectory somewhere. There are so many files, though, that it's difficult to find, and Sucuri does not offer forensics to find entrypoints etc. SeNioR- 1
IveLeft... Posted February 17, 2022 Posted February 17, 2022 (edited) If an attacker Is getting through and your paying companies to deal with hacking and they repeatedly get through then I would recommend finding better companies, as per my comment on your host. Edit: You only have to look at some of the Sucuri reviews to see they are another company taking money for not a lot and are not that capable..... Edited February 17, 2022 by Muddy Boots
Marc Posted February 18, 2022 Posted February 18, 2022 One way you could go about this is as follows. Note, this isnt really something we provide support with as it's a hosting issue, but give you a way forward Backup Delete all files and folders, apart from uploads folder(s), conf_global.php and any constants.php you may have Upload a fresh set of files from your client area That will make sure none of our files have been messed with. It does need to be noted that this takes no account of 3rd party applications and plugins. If you have any, check with the authors first, or you will break your site. You could then move your uploads folder to another location. Create a new folder, create a new storage location for that folder, then move all storage locations to the new folder. Wait for the background process to complete entirely, then you should be able to delete the old uploads folder. As mentioned, this really is something you need to sort out with your host though. If they are getting on your hosting, none of this will stop it happening again. I have moved your ticket to our self hosting support forum for community support, in case anyone has anything to add to that.
Recommended Posts