Someone hacked my site 2 days ago, and now I get the message about manually removing the boonex footer . I replaced the footer.html file with a previously backed up version, along with several others that I found, but I'm still getting the message and no access to my site. Maybe theres another corrupted file I have not found, or maybe boonex are just a bit slow in taking off the block. Any suggestions?
__boonex_footers__
 |
Did you empty the cache directories? Someone hacked my site 2 days ago, and now I get the message about manually removing the boonex footer . I replaced the footer.html file with a previously backed up version, along with several others that I found, but I'm still getting the message and no access to my site. Maybe theres another corrupted file I have not found, or maybe boonex are just a bit slow in taking off the block. Any suggestions?
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
The most important thing is how did he hack your site? Check my GeoDistance, Watermark, TorBlock and Android Push Notifications mods | http://goo.gl/H3Vp81 |
The most important thing is how did he hack your site? The correct question would be: "The most importat think is how to prevent site beeing hacked?"
"When things get tough the tough get going..." |
I think the problem is unauthorized ftp access. :|
The most important thing is how did he hack your site? The correct question would be: "The most importat think is how to prevent site beeing hacked?"
so much to do.... |
Thank you to everyone who posted replies. You're all correct, especially MScott. Clearing the cache did fix the boonex footer problem. Yes, I have found what I believe to be a virus called a FullRemove.exe in my program data folder (which shares the same name as a real file but should work out of the system32). I've blocked it and am doing some more testing, but I've found several of my sites riddled with strange files and zips mostly relating to spams and scams (some of the mail it has been sending out has bounced back so I can see what was written in the spam), so it must have been sending my ftp passwords info back as soon as I changed it. Anyway it has left a quite serious problem that I need suggestions for. When I log into my site as administrator, and go to the dashboard I can see the files all being downloaded but when they're finished downloading the admin dashboard remains blank, even after 20 minutes. I have replaced all the HTML files that seemed to be affected by the latest hack with backups from about months ago but still see a blank dashboard. |
before you do anything, make sure your computer is virus free :) (You might be the hacker) |
Yes, of course. I've been over that many times in the last couple of days, but even the latest full version of AVG didn't pick up the FullRemove.exe... Any suggestions about the blank admin dashboard? |
I know this isn't what you want to hear but if you have multiple sites and you have found strange files on several of them it might be time for a total wipe and restore from an older backup.
There are tons of viruses now that send FTP info back to the hacker so if you found weird stuff on your home PC that would be a good start. I would use Malwarebytes (the free version).. it can catch almost anything.
Also check the server FTP accounts and make sure you don't find any you didn't create.
The blank admin dash board could be a php error.. if you have php display errors turned off it will just show a blank screen.
Would you lose much by doing a full restore of all your sites? BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
php display errors??? where do I find the switch to turn that on and off?... please don't tell me its on the admin panel..... |
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.
The new Dolphin solution is powered by UNA Community Management System.