Site was hacked
Development and Programming
Our ExpressionEngine installation was hacked.
The hoster says that it was a Brutforce attack. They came over the admin.php page.
Is this possible? And how can we protect ourselves in the future?
Is there a way to examine the mysql database about the virus, so we do not need to create the complete page again?
The first thing you should do is rename the admin.php file and also the system map, read this: http://ellislab.com/expressionengine/user-guide/installation/best_practices.html
Francois
Are you on a shared host? What other software is installed on the account?
Hello,
@worfoual: Thanks. We did that in Advance
@ Boyink!: Yes. It is a shared Host. And i can’t believe that there was a Brutforce attack. Because the site was in development and not live.
Thanks for your help…
Another Question. The Host put the site into a Sandbox because we want to reproduce the structure and templates.
Now, there is a problem. We can’t login. This error message occurs: “An Error Was Encountered Unable to load the requested file: homepage.php”
Do you have any advice. I set these paths in our config.php file using configuration variables: $config[‘site_url’] = “http://example.com/”; $config[‘tmpl_file_basepath’] = “/home/user/example.com/templates/”; $config[‘theme_folder_url’] = “http://example.com/themes/”; $config[‘theme_folder_path’] = “/home/user/example.com/themes/”;
homepage.php isn’t a EE file name natively. Is there an .htaccess rule setting that as the directory index?
What happens if you try to load EE’s admin.php directly?
Thanks for your help:
There isn’t a .htaccess rule…
If i try the ulr+/admin.php there is screenshot1. After the login there is screenshot2
Here is screenshot2
Did you specify homepage.php somewhere in a setting?
Not that I remember…