Any knowledge of hacking issues?

Hi,
One of my sites was hacked yesterday. I've never had this happen before. The path that was given is my CMS folder. The hacker is Himanshu Dhiraj Mishra - supposedly an ethical hacker. I don't understand his purpose.

I just want to know if there is a security issue and I missed a fix for it. Also any info about this guy and why he does this.

I've never had a site hacked before and this wasn't exactly how I was planning to spend this day!

Thank you for any info you can provide. I'm working on re-establishing the site on another server but I want to make sure this won't happen again. I have much better things to do with my days.

The site is townmarshfield.com

Thank you,
Laura

Thought I'd add a screenshot of the guy posting about this on Google+. It was nice of the other guy to let me know.

Are you using an old version of powerCMS? If you provide FTP information to your site I can see if I can find the security hole. We did have issues years in the past that we have since corrected, so if you have older files on your site that could be it.

It could very well be old Ray. It's been out there quite some time.

Yes, it is very old and has the known security hole.

It looks like the html editor file upload doesn't even work on your version of php. I'm deleting the files that have the hole, but the issue is that since someone found it, they may have uploaded a file that has another hole... but it doesn't look like he did.

Really you should use the latest version of Data Bridge to update all of your HTMLeditor instances to the most recent version. I've removed all file upload capability from the version you have installed to close any potential security holes. Using the latest version would allow you to re-implement file upload capability without security concerns.

How do I know which sites have updated files and which don't? I know my later sites are using the newer DataBridge but not sure about my older sites. I don't know if they got upgraded or not. I deleted about 500 files from the Files folder this morning. I'm pretty sure I got everything that shouldn't have been in that folder. Anything else I need to do to guard against this because he may find my other sites that are using CMS. Thank you.

If the site has a /HTMLEditor/ then it is using the older version of HTMLEditor and could have a security issue. The safest bet is to delete that folder and re-apply any rich text editing fields using Data Bridge, or get Design Extender and update your entire CMS system to get it up to date and it won't use that folder any more.

So you are saying IF there is an HTMLEditor folder in the ROOT directory of your site it contains non secure elements?

I'm getting errors from a new update to PHP 5.6.11 when error reporting is in place. Does the Power CMS support MySQLi? This seems quite important.

We have not updated PowerCMS to use MySQLi yet. We will be doing that update in the next major Design Extender release. It shouldn't error, it should just have "warnings" that can be turned off.

Realistically standard MySQL will continue to work for the next 5 years or so, and we will have an easy upgrade for existing sites ready much before then.

I'm finally getting back to this. I know I have other sites with HTML editor. I need to get this fixed.
I have DataBridge. How do I change my sites w/o messing up the whole CMS? I was going to figure this out on my own but I know how that will go. When I have it totally messed up I will still need to ask for help and then it will take me 3 extra days to get it fixed. So I decided to go against my natural instincts and ask for help first. Can you just give me a few steps that I need to take to replace the old with the new?
Thank you so much!
Laura

Why don't we do the first one together and then you can follow the same steps. What is a good US phone number or Skype contact information to reach you? I'll put it in my calendar for Friday and we can do screen sharing and go through it together so that there aren't any issues.