We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree
ExpressionEngine CMS
Open, Free, Amazing

Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

The active forums are here.

site 1.6.7 hacked, want to update to latest, how?

August 29, 2012 5:22am

Subscribe [2]

  • #1 / Aug 29, 2012 5:22am

    atelier2

    181 posts

    On friday 13 april (true!) my client got a mail from his host that there had been an attack on one of their main servers (no details) an a question to change the FTP password. My client ignored this mail, and I never got a copy.
    On 22 august the host takes the site off line, because of spam send from it.
    The host claims that EE had a malfunction, they suggest it has been a leak in a script.

    My question.

    I discovered a strange HTML fiie in root (dated one year before the attack), probably from the hacker. It is unclear to me if this was enough to send spam.

    It is hard for me to check how the spam could be send. Was it the malfunction of their servers because of other users? Was it malfunction in EE? Even when I compare the original files with the ones on the server I cannot tell. Maybe you can?
    We think it had to do with that attack. I stay out of this discussion, just want to have the site on line again.

    We do have a backup of the database, the uploaded images and all off the Templates.

    Could any of you please advise me in upgrading to latest EE1 (for several reasons we stick to 1)

    Can I just (after removing the strange HTML file) restore the situation, and do a normal update? Or are there other ways?

    Thanks!

  • #2 / Aug 29, 2012 1:20pm

    Shane Eckert

    7174 posts

    Hello atelier2,

    I am sorry to hear you are running into this problem.

    I stay out of this discussion, just want to have the site on line again.

    There are many ways that this could have happened, most likley was FTP password or another application installed along side ExpressionEngine. Either way, it sounds like you may just want to move forward.

    Do you mind if I ask which hosting provider you use?

    Before upgrading you want to make sure you are starting from a clean slate. So just go through the index.html and index.php files to make sure they are clean. Also check config.php. After that follow this guide. Since most of the files will be overwritten any way, this is a good workflow.

    Just because we do not want this to happen again, make sure FTP password is strong. Also make sure ExpressionEngine is the ONLY thing installed on your account. No wordpress or phpBB instances just to name a few.

    I am here if you need anything. Please do not hesitate to ask any questions.

    Cheers,

     

  • #3 / Aug 30, 2012 5:19am

    atelier2

    181 posts

    Hi Shane

    The client tries to sue the provider, since we discovered this HTML file (screenshot, title is haCked! by eboz) on the server with a creation date long before their first warning mail. Host is Archeweb http://www.argeweb.nl/

    I never have anything installed besides EE. I know the risks.

    Now I want to be sure what you mean by saying

    Before upgrading you want to make sure you are starting from a clean slate.

    I have a talk with my client this evening. I think he wants to stick with EE1.x version. The guide you are pointing me to is to upgrade to EE 2.x version.

    The build uses templates as files.
    I see two scenarios here.
    1) We stick to EE1, BUT we update from 1.6.7. to latest.

    How do I proceed? Database is still present. Should I do a fresh install of the original HTML templates and user uploads back to the server, install EE 1 latest_build and restore manually the new config.php and index.php? Is this a correct way? Can EE connect to the database now?

    2) Client wants after all upgrade to EE 2.x

    This is some more work, have to go through extentions and plug ins, and all of my templates to change code. I remember there was an issue with difference between “tag” or ‘tag’ if you understand what I mean. Is that correct? Is EE2 more sensitive?
    Then install EE2. Or do I move my old (corrupted?) EE1.6.7 files back on the server and do the transition from 1.x to 2.x as advised?

    Important question:
    I remember there were issues with just 1.6.7 to 2.x Must I upgrade first to latest 1.x and THEN to 2.x?

    Sorry that I ask so much, never done this before….

    Your help much appreciated!

    regards

  • #4 / Aug 30, 2012 12:53pm

    Shane Eckert

    7174 posts

    Hey atelier2,

    Gotcha.

    Upgrading to the latest version of 1.X, just follow this guide.

    For ExpressionEngine 2.X I am not sure what you mean by tag? Can you explain?

    The bump from 1.X to 2.X is a big one and it’s up to you to upgrade or do a clean install and import of data. You can upgrade to 1.7.3 and then to 2.5.2 or just go straight to it. I do see less issues when getting to 1.7.3 first, but each case is different.

    As always, Add-Ons will need to be updated.

    I hope this helps!

    Cheers,

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases

© Packet Tide, All Rights Reserved. Legal Notices

Username

Password

Forgot password?
or Register