Question about a hacked site

[johnbmcdonald]

I built a site for a client a while back. after that, you guys released a new version.

At that time I tried to login to their site to upgrade it, but I couldn't login.

I guessed they changed their password or I had the wrong one or something..

So I sent them an email letting them know they needed to upgrade, which they never did.

I don't believe they never made a backup...

They've since contacted me. They've been hacked because in the admin panel appears:

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

CalGuy advised:

You need to
a) delete everything from your site (all files, and all tables in the cms database)
b) restore from a known good backup
c) change all CMS passwords
d) upgrade to CMS 1.2.5


My Question is, and I suspect I already know they answer...
Without a backup,  Does the site have to be rebuilt from scratch?
can't use any of the database tables? If I have to start from scratch, I might as well go with 1.3.1, yes?

Thanks
John

[Pierre M.]

Yes, erase-destroy, folders and database. http://forum.cmsmadesimple.org/index.ph ... #msg114458

And yes : from scratch => from latest official stable version, 1.3.1 today.

Remember http://wiki.cmsmadesimple.org/index.php ... mall_Guide
URL filtering can catch crack attempts whatever the CMSms version behind.

If you have no sane backup, may be you have at least a static mirror copy from wget or httrack ? or Google cache ?

Pierre M.

[jmcgin51]

You can retrieve lost login info as described in this thread:
http://forum.cmsmadesimple.org/index.ph ... 467.0.html

(assumes you have db access)

You MIGHT be able to re-use your database, but unless you do a pretty exhaustive analysis of the db, you're not going to be able to be sure that it's clean.  You might check with your webhost; often they do daily db and file backups, so you could ask them for a backup from a pre-hack date.

[viebig]

how big is this site, which modules it´s using?