Calum Jones

8 hours ago, Marc Stridgen said:

What your hosting company is pointing out as potential exploits there, unfortunately appears to be nothing short of guesswork. Those folders are intentionally writable by the system, and some will intentionally contain js files. To be honest, the fact 3 of them are specifically named javascript should probably raise flags about the hosting company that you are using.

What is it that leads you to believe you have been hacked in the first place there? Have you considered our cloud platform, so that you dont have to deal with things like this at all?

We have Sucuri and some other companies who have been dealing with the hacking issue for a long time (we are attacked repeatedly and the attacker inserts his own PayPal links in place of genuine checkout links). Malware files are often found in the forum folders, which was also the case when we were on a different forum software (we had an old version of vBulletin).

Presently we have zipped the forum subfolder and the hacking has stopped. It does appear the attacker has managed to sneak something bad into the forum subdirectory somewhere. There are so many files, though, that it's difficult to find, and Sucuri does not offer forensics to find entrypoints etc.

9 hours ago, Marc Stridgen said:

While we would not offer self hosted installation, given what you are asking, what is the reason you are looking to do this?

Our web host sent us this:

"

The only thing I can think about is that indeed there is a flaw within the forum CMS, What worries me here, is the fact that there are a couple of open directories like:

css_built_0
css_built_1
javascript_core
javascript_forums
javascript_global
monthly_2022_01
set_resources_1
set_resources_3

However there are JS files in here, so I wonder if the exploit is related to them somehow. Can you confirm further with Invisionboard  if these directories are part of their forum CMS?"

8 hours ago, Marc Stridgen said:

While we would not offer self hosted installation, given what you are asking, what is the reason you are looking to do this?

Hacking issues, impossible to tell if any of the files in there are dodgy or not, so we just want to keep our posts and clear everything else.

I received quite a few offers but I was wanting an official employee to perform the service as it's a sensitive matter and also I'd like to keep my website private.

I'd like someone to please install a completely clean and fresh copy of Invision, while retaining our community posts, forums/subforums, and our WordPress SSO plugin.

Is there somewhere I can buy this service?

49 minutes ago, Jim M said:

You're welcome to post that as a suggestion in our Feature Suggestion forum or if the OP would like me to move their topic, I can certainly do so.

Sure, you can move it over. I followed your suggestion, but it would be a good feature to have.

I have an Invision forum for members of my website. Our site has been targeted by hackers with some frequency so I'd really like to keep everything strictly up to date. Is there a way to set my Invision community to automatically update itself when new versions come out?

Hi I am having an issue with WordPress SSO randomly failing to work. I did not see a topic for this plugin, so I have sent you a PM.

Thanks