Thread

My system was compromised this past weekend. Not through ExpressionEngine but through phpMyAdmin. I have a SQL backup before my 2.1.1 upgrade. How would I go about getting 2.1.0? Or am I good to go with installing 2.1.1 and just updating the DB again?

A response would be greatly appreciated.
Thanks,

McCoy IT,

Just to be clear your 2.1.1 install was compromised?
The only db backup you have is of a previous EE2.1 install?
Do you have backups of files etc. ?

What damage was done through the hack?

Please check through these files:

  * path.php (if using EE1.x)
  * config.php
  * index.php

to ensure that there is no unusual code such as iFrames or Javascript includes; if you do find that code, then please back-up the file and remove said code.  If you are unsure of what does or doesn’t belong in these files, do not hesitate to ask.

Hey John!
No worries about the compromise it was through the PHPMyAdmin that the script kiddies got through. Just had a bit of a brain fart to figure out how to get the site back together.
I was able to piece together my site from a SQL backup, config.php and database.php with an installation of 2.1.1. My host formatted and reinstalled the OS. I spent the better part of 13 hours putting the site back together along with the other 12 sites.

I am well aware of the script injection that happens on hacked servers. The other ones that people should be aware are encrypted images and modified PDF’s.

Thanks for the reply.

Glad that you’re up and running again.. don’t forget to change your passwords. 😊 Don’t hesitate to post again as needed.