Hacked by Dz Team - How do I get an old index.php 'relinked'
-
-
- norush
- Newbie
- Posts: 18
- Thanks: 0
-
Hi Everyone,
I'm a techie/web/joomla beginner so please bear with me here
Unfortunately, my website www.cygnetplayers.com was hacked into a couple of days ago now after I installed a third party plug in that left the site vulnerable
Lesson learnt there! However, it was only the index.php that was 'wiped' (if that's the correct expression), and I can still access all the data (after changing passwords etc) via the administrator.
Because I hadn't been backing up regularly (I know, I know, beginners mistake!!) the only backup files I've got has a very old index.php file. However, as I'm still able to access all the up to date files via the administrator I was wondering if it's possible to 'relink' an old index.php file to the current content?
Sorry, as I say I'm a beginner and although can follow tutorials and such I'm not a techie by any means and am just not sure what to do! I really don't want to have to reenter months of content onto the site - even though I totally appreciate it's my fault for not backing up
Any help/suggestions are most appreciated. Do let me know if there are any files or coding anyone needs to see to help.
Thanks so much to anyone who can help in advance!
Nicole
-
-
-
- Adamck
- Elite Rocketeer
- Posts: 546
- Thanks: 2
- Web Developer, IT Assistant, Graphics design, App Developer
-
Its more likely that the index.php is actually ok and what they have done is a SQL injection into your database via the plugin.
Log into your hosting control panel, have a look at your SQL database for the website (usually via phpMyAdmin) and search the database for 'DZ team' or similar and see if you can find the table(s) affected, usually they just set a new admin password and mess up your homepage...
If you can, see if you can edit the data manually via phpmyadmin so it makes some sense again, OR see if you can extract the table from the backup and just restore the affected table.
Usually the hacking is done by a BOT that looks for vulnerable sites and then automatically injects the code into you database and changes the admin password.
Im guessing they see it as an advert for themselves via google etc... so dont take it personally, they probably dont even know their bot has even hacked you!!
Hope this helps a little.
Adam. - Kiss my RSS
-
-
-
- norush
- Newbie
- Posts: 18
- Thanks: 0
-
Thanks so much for responding Adam - I really appreciate it!
I've logged into the phpMyAdmin and can see on the top left hand side an additional database listed to my own (my own is cygnetp1_cygnets), the other once is information_schema. I've uploaded a screen grab of it. Before I delete it I'd just like to double check this is the type of thing you mean?
Thanks again,
Nicole
-
-
-
- Neil Bishop
- Sr. Rocketeer
- Posts: 244
- Thanks: 2
-
Hi nonoise, look at your index.php file size via ftp and if the size is bigger than about 2kb then it is probably been hacked. my hacked index.php file was about 5.3kb. I replaced the hacked index.php file with a clean one from my original joomla 1.5 download and everything came back to how it should be. also look in the files for anything that looks like tm.html or DzTeam.html and delete these. Install OSE antihacker program, make sure your forms and login usernames and passwords are strong and backupup your site once it is clean with akeeba backup.. excellent backup program. Hope this helps.
Cheers
NB
-
Time to create page: 0.049 seconds