Hi,
Since yesterday my website is gone: http://www.fc-vhs-kaarst.de/
What would be the best way to solve the problem? How do I start to fix it?
FTP access is OK, backup from last Monday available.
Error log and access log say something happened yesterday.
But before I start to restore the backup, I would like to know how to fix it.
Regards
Joergen
Offline
Hi,
Which theme do you use?
Did you change it recently? Did you install a new plugin?
Offline
Indeed an extension issue. To complete what Mistic asked, did you add JavaScript in a tpl file?
Offline
Hi,
I think my theme is called Stripped (dark and black background with orange fonts).
I have made no changes for months. No plugin installed and nothing with Java.
I think some restricted users have only uploaded pictures, but this was also some days ago.
Offline
If it's orange, it's Sylvia, but anyway, rename the plugin folder to disable plugins and see their influence.
If it doesn't work, copy-paste the content of thumbnails.tpl of your theme(s)
Offline
You have been hacked,
see http://jeffreysambells.com/2012/12/12/anatomy-of-a-hack
I suggest you restore all Piwigo files from the archive and change all your passwords (cPanel, FTP, MySQL, Piwigo)
Offline
Hi,
thanks for the bad news. ;-)
How did you find out? Just by the error message appearing on the website?
One additional question: do I need to ask all users of this site to change their passwords as well?
Thanks for helping.
Joergen
Offline
I also first thought of a hack because of the unknown JavaScript in a front-end file... Mistic did great finding the exact script.
Yes, you should inform your users. Because even if the password is different, the database password is written in a Piwigo file
Offline
I searched "document.body++" on Google, which returns many blocked (also hacked) sites and the above website
Offline
So the provider has confirmed that script kiddies have contaminated the website.
I need to restore the backup (fortunately I have one).
How can I make the site safer and prevent attacks?
Offline
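One way to see which files changed between the backup and the compromised copy before restoring, as an added example that is not part of the original thread. It assumes both trees have been downloaded to local folders; the watched-extension list, the function names and the sample files in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed list of file types that are executed or served as code by a PHP gallery.
WATCHED = {".tpl", ".php", ".js", ".html"}

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}

def compare(backup_dir, live_dir):
    """List files modified, added or removed in the live copy versus the backup."""
    old, new = snapshot(backup_dir), snapshot(live_dir)
    report = {"modified": [], "added": [], "removed": []}
    for rel in sorted(old.keys() | new.keys()):
        if rel not in new:
            report["removed"].append(rel)
        elif rel not in old:
            report["added"].append(rel)
        elif old[rel] != new[rel]:
            report["modified"].append(rel)
    return report

def suspicious(report):
    """Changed or new files that can run as code; plain image uploads are skipped."""
    return [rel for rel in report["modified"] + report["added"]
            if Path(rel).suffix.lower() in WATCHED or Path(rel).name == ".htaccess"]

def demo():
    # Constructed sample trees standing in for the backup and the live FTP copy.
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        tpl = "themes/x/template/thumbnails.tpl"
        for root in (backup, live):
            (root / tpl).parent.mkdir(parents=True)
            (root / tpl).write_text("<ul>{$thumbs}</ul>")
            (root / "index.php").write_text("<?php // gallery")
        # Live copy: a template with unknown script, a normal upload, a stray PHP file.
        (live / tpl).write_text("<ul>{$thumbs}</ul><script>/* unknown */</script>")
        (live / "upload").mkdir()
        (live / "upload/photo.jpg").write_bytes(b"\xff\xd8 constructed")
        (live / "upload/helper.php").write_text("<?php // not in backup")
        report = compare(backup, live)
        return report, suspicious(report)
```

Files the comparison flags are the ones to inspect and to keep a copy of for the provider before the backup overwrites them.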
What were the scripts you had on your website: Piwigo and plugins? Other PHP files and CMS? But honestly the problem is usually a PEBKAC one, or you have malware on one of the computers you used. Unfortunately, the passwords are usually not so well secured by FTP software
Offline