ExpressionEngine CMS

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.


Site Hacked

October 23, 2010 11:30pm

  • #1 / Oct 23, 2010 11:30pm

    AdamBaney

    65 posts

    I recently had my site hacked, and had to delete some code from the index.php file. What should be the permissions for:

    index.php
    path.php
    config.php

    Thanks!

  • #2 / Oct 25, 2010 4:02am

    John Henry Donovan

    12339 posts

    Panhead,

    Thanks for reporting this. We take security very seriously and will do our best to work with you on figuring out what’s going on. To that end, we need some additional information from you…

    1. Build date for your EE 1.x installation (found at the bottom of your control panel)
    2. Other scripts on your account, whether in use or not (phpBB, etc…)*

    If this is a shared hosting environment, the host can make a determination if the attack came through scripts on another account on the server, which is commonly the case with these types of hacks.

    Please also check through these files:

      * path.php
      * config.php
      * index.php

      to ensure that there is no unusual code such as iFrames or JavaScript includes; if you do find that code, then please back up the file and remove said code.  If you are unsure of what does or doesn’t belong in these files, do not hesitate to ask.

      I would suggest you completely refresh your files by following the build update instructions.

    Also please ask your host to help identify where the attack originated from so that steps can be taken to prevent this in the future.


    The following files need permissions of 666.

      * path.php
      * system/config.php
      * system/config_bak.php

    But alas, that will make no difference if you have somebody, bot or otherwise, entering your site via FTP.

    You need to a) determine if you are the only user with FTP account details on their machine, and b) run a virus scan on your own machine. Once you are certain you are clean, and only then, change your FTP password.

    It’s imperative that you work with your host to help identify where the attack originated from so that steps can be taken to prevent this in the future.

    Keep us posted please.
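
The file check and permission values from post #2, as an added example that is not part of the original thread and not ExpressionEngine code. The function names, the two regular expressions, the sample tree and the `injected.example` host are assumptions made for illustration; it flags only literal iframe and external script tags.

```python
import re
import stat
import tempfile
from pathlib import Path

# Files the thread asks to inspect, and the ones it says need mode 666.
INSPECT = ["index.php", "path.php", "system/config.php"]
WRITABLE = ["path.php", "system/config.php", "system/config_bak.php"]

# The two injection types named in the thread: iframes and JavaScript includes.
RULES = {
    "iframe": re.compile(r"<\s*iframe\b", re.I),
    "script-include": re.compile(r"<\s*script\b[^>]*\bsrc\s*=", re.I),
}

def scan_file(path):
    """Return (line_number, rule_name) for every line that matches a rule."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    return [(n, name) for n, line in enumerate(text.splitlines(), 1)
            for name, rx in RULES.items() if rx.search(line)]

def audit(root):
    """Report injected markup and files whose mode differs from 666."""
    report = {"suspicious": {}, "wrong_mode": {}}
    for rel in INSPECT:
        path = Path(root, rel)
        if path.is_file() and (hits := scan_file(path)):
            report["suspicious"][rel] = hits
    for rel in WRITABLE:
        path = Path(root, rel)
        if path.is_file() and (mode := stat.S_IMODE(path.stat().st_mode)) != 0o666:
            report["wrong_mode"][rel] = oct(mode)
    return report

def build_sample(root):
    """Constructed sample tree: index.php carries an appended iframe."""
    clean = "<?php\n// constructed sample\n?>\n"
    bad = clean + '<iframe src="http://injected.example/" width="0"></iframe>\n'
    for rel, body, mode in [("index.php", bad, 0o644), ("path.php", clean, 0o666),
                            ("system/config.php", clean, 0o644)]:
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
        path.chmod(mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit(tmp))
```

Point `audit()` at the site root and keep a backup of any flagged file before editing it, as the post advises.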

  • #3 / Oct 26, 2010 12:55am

    AdamBaney

    65 posts

    I was able to repair a couple infected files in my root, and my site is working fine once again. Thanks, John!

  • #4 / Oct 26, 2010 6:03am

    Ingmar

    29245 posts

    Have you contacted your host as suggested? What did they say?

  • #5 / Oct 26, 2010 11:53am

    AdamBaney

    65 posts

    Yes, I did contact my host, and there actually was an attack a few days ago on the servers. Right after the attack, they changed my FTP login, and then I logged in to my account and changed the FTP once again.

    I had a couple questions for them, and am waiting to hear back from them today. So far, everything is working fine.

    Thanks so much for your concern, Ingmar!

  • #6 / Oct 26, 2010 3:13pm

    Ingmar

    29245 posts

    Very good. Even if this doesn’t look like an EE issue as such, please let us know what they say. Thanks.
