CMS Made Simple Forums

my site built using v1.51 was hacked into a couple of days ago and script inserted all over the place redirecting to another site

the only way I can find to keep them out is to change the password in the config.php file using ftp.

only problem is I cannot get into the site nor anyone visit it after doing this

I have completely removed the public_html file and restored it from a backup

I can access the adimin file using the compromised password and changed the access password here but it does not seem to change it in the config.php file, obviously this is not how it works

the wiki has very little on passwords, could someone please explain what I am doing wrong

The only password you can change in config.php is the related to the database, and has nothing to do with your admin-account of the CMS site.

What I would do:
- make a dump of the database, create a new database (with different name and password) next to the original one and import the data
- change the settings in config.php and directly change CHMOD to 444
- do a full upgrade to version 1.6.6 of CMSMS
- change the admin-password
- change te password of the manager of the domain

Normally that should do the trick...

thanks for the advice

is it not possible to just change the password of the database I currently have as I have already deleted everything and installed new

I was intending to upgrade to 1.6.6 as soon as I have the password issue sorted

stijlXpres wrote: The only password you can change in config.php is the related to the database, and has nothing to do with your admin-account of the CMS site.

What I would do:
- make a dump of the database, create a new database (with different name and password) next to the original one and import the data
- change the settings in config.php and directly change CHMOD to 444
- do a full upgrade to version 1.6.6 of CMSMS
- change the admin-password
- change te password of the manager of the domain

Normally that should do the trick...

Sure, that's also possible!

Remind that you have to change the password in two places. Once in config.php and once in the domain-manager of your site.

Good luck!

that was my problem I had changed the config file but not on the domain manager, where I had to delete the user, then recreate it again with the new password

thanks again for your help

stijlXpres wrote: Sure, that's also possible!

Remind that you have to change the password in two places. Once in config.php and once in the domain-manager of your site.

Good luck!