CMS Made Simple Forums

Content management as it is meant to be
https://forum.cmsmadesimple.org/

Rescue hacked account

https://forum.cmsmadesimple.org/viewtopic.php?t=66942

Page 1 of 1

Rescue hacked account

Posted: Tue Jun 18, 2013 8:07 am
by benchelt
Hi there

My wife's website was hacked because she set her password as 'password'

http://biancaduval.com

Is it possible to rescue this site or, is it beyond hope?
We cannot login with her details as, the password has been changed.

Any ideas?

Thanks in advance

Ben

Re: Rescue hacked account

Posted: Tue Jun 18, 2013 9:19 am
by staartmees
move the current cms to a subdir
install a new cms but
choose a safe password of at least 16 characters >> http://www.strongpasswordgenerator.com
make sure you choose the same table prefix as for the old site
do not create the database
copy uploads from the old site to the new

Re: Rescue hacked account

Posted: Tue Jun 18, 2013 9:37 am
by Jo Morg
It appears that the hacker didn't mess too much with the site, and didn't try to get access to the files so, before a drastic measure, I would just reset the password on the db 1st to recover access to the back end and than assess the extent of the damages.
The way to do it depends on the version of your CMSMS installation... a recent procedure is described here, but you may have to search the forum for a similar procedure for older versions. As I said depends on how old your installation is and what upgrades have been made since 1st install.
On the other hand, your host may have backups of both files and DB, so that could be even easier, just replace all from a recent backup.
Just a word of caution: no matter what procedure you choose, make sure you backup everything before, just in case.

Re: Rescue hacked account

Posted: Tue Jun 18, 2013 10:32 pm
by paulbaker
By the look of the /admin login screen it is an old version - pre 1.9?

Yes I would approach host first to restore. Then quickly change admin passwords to something considerably more secure.

Then you ought to be upgrading really:
http://docs.cmsmadesimple.org/upgrading

To save further repair work on other systems, I'd also be asking my wife what other logins she has set to "password" and change them quick. ;)

Good luck

Re: Rescue hacked account

Posted: Wed Jun 19, 2013 9:20 am
by velden
I would never trust a compromised website myself (unless I'd have a recent checksum file of the cms).

So I'd choose for 1.) backup, 2.) reinstall

After that, I'd go for a non default admin directory http://docs.cmsmadesimple.org/general-i ... ring-cmsms and of course a hard to guess password AND username. Make sure that username is not displayed in e.g. News/blog items etc.

Re: Rescue hacked account

Posted: Wed Jun 19, 2013 10:45 am
by benchelt
Thanks for all your help guys. I think i have enough now to go on.

Ben
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited