close ad
WARNING: Do Not Install the DREAMWEAVER CC 2017 Update »
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Hacked - Injected

Thread began 6/30/2015 11:18 am by Steve | Last modified 6/30/2015 12:14 pm by Ray Borduin | 394 views | 6 replies |

Steve

Hacked - Injected

Hello,
Found one of my sites has been injected with Replica Rolex links in a number of the records.

The site has been around for a few years using various WA extensions. CMS Builder, Data Builder and MySQLi

Any details that can help solve, fix and block the hackers or bots from gaining access again?

Here are my current steps:
1) Installed new PHPmyAdmin (latest version).
2) Changed MySQL root password
3) Downloaded compromised database and searched for other records that were compromised.
4) Cleaned up all compromised records
5) Create NEW database and access User account
6) Restore cleaned database to new database
7) Create new Site and start migration of files from current live site.
8) Change passwords for MySQL Connections to new User account
9) Figure out how to make Power CMS reinstall new files on new site..?

This should provide new access points to a clean DB and discard any old access methods.

Anything else I should be doing?

Sign in to reply to this post

Ray BorduinWebAssist

There was an old version of ckeditor that had security issues many years back. I'm wondering if that was still on the site.

If you give me FTP access I can take a look and make sure.

Sign in to reply to this post

Steve

I also have a partial use of a sql connection in the calendar file (calendar.php) that may have left some of the prior "cleaning" functions behind in it's creation... I'll redo that page using MySQLi connection methods.

Password for FTP in private message

Sign in to reply to this post

Ray BorduinWebAssist

It isn't letting me in with that password. Are you sure you entered it correctly?

Sign in to reply to this post

Steve

Hi Ray, Yes, I tested the credentials prior to posting them.

Sign in to reply to this post

Ray BorduinWebAssist

It worked that time... I must have entered it wrong.

I looked through your files and I don't see any of the old files that would have caused a security hole on our end.

Sign in to reply to this post

Steve

Logs attached

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...