[SOLVED] Hacker, fiddler or bungler??

[burlington]

Two years ago, in 02/2012. I created a CMSMS site for a person who, subsequently, decided that he was not ready to proceed to completion. I would have used the latest CMSMS version available then.

The person has now decided that he wants the job finished. Imagine my consternation when I found that the site was not as I left it. You can see it at http://www.reclaimedflooring.co.uk/

What seems to have happened is this:
- my admin password has been changed- in 07/13
- the database admin password has been changed
- the config.php permissions changed to 060
- some of version 11.4 appears to have been loaded on to the server- according to the Version file- in 07/13
- I tried a 'password forgotten' but have not had the email yet. Presumably my email address on the site has also been changed.

However, access is available to the server and the database seems to be OK EXCEPT that the Admin Log data seems to have been stripped out apart from my incorrect attempts to login this morning.

What I have done so far is to change the server password, upgrade the config permissions, and then sit & think about what should I do next!

There are two questions in my mind:
- how can I remake my admin password? I do know what it was previously.
- what should I do next to recover the website?

No backup version is available.

Thanks folks for any help you can give.

Martin

[JohnnyB]

Well, definitely a fiddler and a bungler.

Personally, I would take everything that you started, templates, css, javascript, images, customized modules, and save a back up of it. There are also modules available (maybe Content Utilities) that you can use to backup all pages in a XML.

Then, completely destroy that version and database and do a fresh install of the newest version. Import your backed up pages (XML), etc...

It sounds like there was some fishy stuff happening and you have no way of knowing how stable it is now.

Save your work and then recreate everything...

[burlington]

Thanks Johnnyb

One of the problems is that I don't have admin. access now to the CMS. The password seems to have been changed in 07/13.

Any idea how to recover it please?

Martin

[JohnnyB]

With older versions, you could reset the admin password in the database by entering 21232f297a57a5a743894a0e4a801fc3 in the password field for your admin user. It is 'admin'

But, now admin passwords are salted. So, if you have access to the database, find your admin under the users and change the email to yours and send a lost password request from the login page.

[Rolf]

You can change Admin email in database and use lost password feature to get access again.

[burlington]

I am now back in to the system! Thanks everyone.

The site was indeed hacked. Some who calls himself Fagun, otherwise known as Fagun Rain. Very active, as I know(!) in mid-summer last year. Seems to have gone quiet of late.

Highly secure passwords are now in place, even more secure than they were before they were hacked.

Site now up, sort of. Twiddling will be the order of the day to get it back to the original.

Anyway, thanks again. I can sleep at night now.

Martin

[JohnnyB]

Bummer!

Fagun Rain

When it rains it pours would be my tagline if I was this person. lol. Glad you can get it fixed now.