close ad
Databridge V2 with MySQLi support IS Now Available!
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Several sites hacked - can I use newer version of PHP now?

Thread began 3/09/2021 9:46 am by webdesignerwags | Last modified 3/31/2021 3:10 pm by Ray Borduin | 250 views | 28 replies |

webdesignerwags

Several sites hacked - can I use newer version of PHP now?

I only use Design Extender for the CMS. I have CMS on several sites. Some with and some w/o were hacked yesterday. All in the same hosting account. I am running PHP 5.6 on server. I remember when I first installed CMS years ago I was not able to use latest PHP version. Can I upgrade now to eliminate vulnerabilities or is there something I need to do with my code to prevent this from happening again? The hacker only took down my home page so it was an easy fix but I have no idea if he put other files out there. I had this happen years ago and at that time there was something I needed to fix in my code.
Thank you very much.

Sign in to reply to this post

Ray BorduinWebAssist

Yes, you can download the update here:

https://www.webassist.com/PowerCMS.zip

Just unzip and overwrite your files. If you send me FTP information I can do a quick sweep and let you know if there is anything you need to delete to prevent any more hackers from getting in.

Sign in to reply to this post
Did this help? Tips are appreciated...

webdesignerwags

Thank you Ray. Do I delete all the CMS files from the server and then upload all the new ones? Will I have any problems because all the tables are already setup in the databases?

After I do all this updating, can I then upgrade PHP on my server? The guy at GoDaddy said the hack could have happened because I'm not using the latest version. All my sites are made with PHP pages, not just those with CMS.

I think I got everything deleted that shouldn't be on server for all 50+ websites yesterday but I didn't look in CMS folder. I just looked there now. Sure enough - file called haxor.php. I've only checked a few sites so far but I only found that file in one and that was the same site that was hacked 5 years ago. You helped me fix that at the time.

Sign in to reply to this post

Ray BorduinWebAssist

I'm not sure about the rest of your site, but after updating the cms files, the cms portion will be ready to update to php7.

You definitely want to delete the haxor.php file, hopefully you don't have any more somewhere that would keep your security breached. Realistically I doubt the security hole is directly related to your php version. That sounds like a cop out by your hosting company, but clearing it out and using the latest version won't hurt.

Sign in to reply to this post
Did this help? Tips are appreciated...

webdesignerwags

Probably an easy answer for the guys at GoDaddy. I think that haxor file was only in the one CMS folder. It was at the root. And yes, I deleted it right away. I'd guess they could have used that to do more mischief. I find it very interesting that it is in the website that got hacked 5 years ago. I only remember all this because I read our thread from 5 years ago when you helped me fix that problem. Because I use shared hosting, the hacker could have found the vulnerability in one site, got into that and then somehow accessed all my other sites in that same account?

I will delete current CMS folder for one site and then upload new folder tonight. It takes about an hour. If all goes well with the first, I can do the others.

Thank you very much.
Laura

Sign in to reply to this post

Ray BorduinWebAssist

Yes. If a hacker gets onto a machine, they could effect other sites on that machine. But usually the easiest one would be the actual site with the security hole to begin with.

Good luck and let me know if you need help. I'd just need FTP access and the url to view whatever problem you are dealing with.

Sign in to reply to this post
Did this help? Tips are appreciated...

webdesignerwags

This is the message I was afraid I'd get. How do I get past this?
ERROR: The Cutler database is not empty, it already contains tables named pcms2_contenthistory, pcms2_contents, pcms2_usergroups, pcms2_users. Please delete these tables or create an empty database for PowerCMS to use.

Thank you.

Sign in to reply to this post

Ray BorduinWebAssist

Upload your old connections folder and its contents. It is trying to run the installer because those files are missing. Once those files exist it will skip the installer, which is what you need.

Sign in to reply to this post
Did this help? Tips are appreciated...

webdesignerwags

Now the admin page won't load at all. 500 error. This page isn't working.
I should just have 2 files in Connections folder?
PowerCMSConnection.php
installed_cms.txt

Sign in to reply to this post

Ray BorduinWebAssist

Yes, but you will have to update your PowerCMSConnection.php to be a mySQLi connection. Delete that file and create a new MySQLi connection with the same name.

Sign in to reply to this post
Did this help? Tips are appreciated...
loading

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...