I had gone to UTPA earlier today to work on my new business website. I thought I'd check the latest headlines. The page loaded and then suddenly there was a page redirect. My site got hacked! Bastard.
I disabled some of the vulnerable php scripts and took down the site while I went in to clean up the mess. I was able to get the site back up faster than I thought. I came up with a tlaquachada, so it's back in business. Since most people only really visit the first page, that's what's active. My admin page and the modules page are disabled for now. So, even if the guy is able to get the admin password again, the script that will allow changes isn't active. I've downloaded a script upgrade from PHP Nuke 6.5 to 6.6. I'll be migrating the site up to the latest, which is around 7.9, I think. I'm going to research a little bit more because it's tedious to have to upgrade a little version at a time. I'd rather jump versions if possible.
The content was not deleted or changed, so that's going to save me a lot of trouble. The last thing before I can take break is to check the downloads module for any malicious uploads that the hacker may exploit later. If it's empty, we're set. I apologize for the inconvenience. PHP-Nuke isn't the most secure CMS around, but it comes with Yahoo hosting accounts. And, it turns out that it's not difficult to recover from a hack. Just a piece of technical advice, ALWAYS back up your files. You never know when crap is going to happen.
No comments:
Post a Comment