Hacked : motherwell8ball.com

Viewed 4,034 times

tom8b (Newbie) asked:

Our site at motherwell8ball.com was installed only about 5 weeks ago and as you will see has been hacked.

www.motherwell8ball.com

There was a lot of work put into this so I have a few doubts about whether it's a good idea starting from fresh again.... but possibly it was an oldish version of php-fusion (I can't check version as I can't view the site of course - which may affect attempts at upgrade also??).
I would not like to do all of this work once more simply to be hacked again.
Without knowing how the site was hacked it's a bit of a dilemma knowing the best course of action.

Obviously some changes were made to site settings and the file imagelist.js shows the inclusion of a new image BM.JPG

Possibly the database content is not seriously compromised... but who knows!

Any advice very much appreciated.
Many thanks.

As you'll see they have uploaded a 'black magic' image and divert site to this address:
http://blackmagicisgod.bravehost.com/index.html

Cheers.
Edited by tom8b on 06-05-2007 19:07,

Yxos (Senior Member) answered:

Use FTP and check that your config.php is as it should be.
Also check index.php in the root, that it contains what it should. Verify the contents with a freshly downloaded php-fusion 6.01.10.
Replace the changed index.php if necessary.

Once up again, familiarize yourself with the backup routine ;)
0 replies
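
The comparison Yxos describes above (server files against a freshly downloaded release) can be scripted once the site has been copied down over FTP. This is an added example, not part of the thread or of PHP-Fusion; the function names, the flat directory layout and the sample file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

def tree_hashes(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                out[rel] = hashlib.sha256(fh.read()).hexdigest()
    return out

def compare_trees(clean_root, site_root, expected_local=("config.php",)):
    """Classify files in the site copy relative to the clean release."""
    clean, site = tree_hashes(clean_root), tree_hashes(site_root)
    report = {"modified": [], "added": [], "missing": [], "review": []}
    for rel in sorted(site):
        if rel in expected_local:
            report["review"].append(rel)     # site-specific, read it by hand
        elif rel not in clean:
            report["added"].append(rel)      # uploads, or files an intruder left
        elif clean[rel] != site[rel]:
            report["modified"].append(rel)   # shipped file no longer matches
    report["missing"] = sorted(set(clean) - set(site) - set(expected_local))
    return report

def demo():
    """Constructed trees standing in for the clean release and the FTP copy."""
    stock = {"index.php": b"<?php // stock", "news.php": b"<?php // news",
             "imagelist.js": b"// stock list"}
    live = {**stock,
            "index.php": b"<?php // altered",      # tampered shipped file
            "imagelist.js": b"// list + BM.JPG",   # edited image list
            "BM.JPG": b"constructed bytes",        # file not in the release
            "config.php": b"<?php // db settings"}
    with tempfile.TemporaryDirectory() as tmp:
        for root, files in (("clean", stock), ("site", live)):
            os.makedirs(os.path.join(tmp, root))
            for rel, data in files.items():
                with open(os.path.join(tmp, root, rel), "wb") as fh:
                    fh.write(data)
        return compare_trees(os.path.join(tmp, "clean"), os.path.join(tmp, "site"))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Files listed as added are not necessarily hostile, since legitimate uploads appear there too, but each one needs an explanation before the site goes back online.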

tom8b (Newbie) answered:

Very many thanks for your reply.

I'm not sure if I want to take that route to be honest..... having very little time available (for a variety of personal reasons) I do rely upon the integrity of the software and not having to become involved in the 'technical' side of things.
My emphasis is on site content.... into which I already put in a great deal of work.
Anyway, I'll see what I can do and thank you again for your reply.
Edited by tom8b on 06-05-2007 19:20,

Raskolnikov (Member) answered:

You "put a great deal of work" into your site content, then you have "very little time available" to make backups of your site and install the latest version?

Falk (Super Admin) answered:

Whilst we make every effort to ensure our product is secure, there is no guarantee that your data is 100% safe. It's your responsibility to maintain your setup, keep up to date and at least back up your db once a week; it's very easy to keep a backup in a safe place.

tom8b (Newbie) answered:

Many thanks to both for your response.
Edited by tom8b on 06-05-2007 20:52,

chbe (Member) answered:

When sites are hacked, the first thing to do is to change the FTP and MySQL password. For extra security it could be wise to do this from a computer that only you have access to. I have experience with a school computer where a guy had a keylogger installed. After that you should follow Yxos's advice above. Disable all people on your site who have admin access and change their passwords before you allow them access again. Maybe this isn’t a PhpFusion flaw at all that your site is hacked.
In the future do a weekly backup of the content of your site.
Do a ftp copy and database copy B)

tom8b (Newbie) answered:

Thanks for that.

I googled 'hacked black magic' and see that mine is not the only site hacked by these people (same hacked title and images).
For example.....

exeterbasketball.org

I notice they are using the same 'calendar' infusion... any chance this is a problem I wonder?
Edited by tom8b on 06-05-2007 21:16,

chbe (Member) answered:

That’s right… I forgot to mention that you should also disable all third-party infusions and mods in your code, as they are not under the control of the PhpFusion development team and are therefore a security risk. Go to the PhpFusion mods site and see if there is any update before you activate them again.

Edit: Maybe someone else heard of some security issue with this calendar ?
Edited by chbe on 06-05-2007 21:39,

Falk (Super Admin) answered:

Yup, the calendar infusion has issues.

chbe (Member) answered:

There you go :)
Remove it!

tom8b (Newbie) answered:

Thanks.... I would if I could get back into admin !

I have the site partially back by editing the database to show news.php as opening page again.... trouble is the left side panels are not now visible.

www.motherwell8ball.com

I can't get into the main admin page.

I can get to the login page but don't know if I'm actually logged in as it simply keeps returning to home page.... in which the user panel isn't visible.

So I guess I'll try the upgrade, but fear there are database changes so that may not help! Bit disappointing to think all of that work is likely lost.

Could you tell me please how to determine what the currently installed version is.... which I believe I need to know to attempt upgrade?

Unless any suggestions for getting into admin?
Cheers.

WEC (Veteran Member) answered:

You find the version in the _settings table, field version.

RainMan (Junior Member) answered:

I have posted before about this, but I would like to reiterate from my mistakes. My site was hacked by this same person. Fortunately, from what I can tell, there were no malicious bots put in place or anything deleted. He just seemed to change banners and settings and post news events. I did e-mail this particular hacker and he got into my site via the older calendar infusion. I have since learned my lesson. I am on bare essential infusions only. If an infusion accesses the database I stay extra suspicious of it until I thoroughly test it. I am also a very busy person, but it only takes me about 15 minutes to do a full site backup including a database backup. I do this about 3 times a week. Remember nothing is 100% secure; there will always be something that can be exploited, and it is no fault of the authors of php-fusion. There is a lot of code, and as secure as it is you never know what a hacker will use tomorrow. So the moral of this story....BACKUP YOUR SITE!

Just my .02!

chbe (Member) answered:

This could be a bit tricky. Try to find out if you have access to PhpMyAdmin through your hosting account. If not try to install it on your account. You can find info and the scripts here http://www.phpmyadmin.net/home_page/i.../index.php
With PhpMyAdmin you can access your MySql PhpFusion database and explore and manage its contents. In the “settings” table you have a field called version where you can see your version of PhpFusion.
Maybe this will work to resolve your password if it has been altered. I haven’t tried this before but it could be worth a try. In the users table on the row with your username try to change the field user_passwordstring to:

f6fdffe48c908deb0f4c3bd36c032e72

Make a backup of your old one first if this doesn’t work so you can copy it back. Then when you try to login your password should be:

adminadmin

If this should work change password to something else.

tom8b (Newbie) answered:

Thanks for all of the useful advice.
Managed to change database values so did get back into the site admin eventually.

They had messed about with panels and deleted some content.... not sure what the sum total damage has been.... and would in any case be unsure what to look for in the form of anything 'nasty' deposited on the site!

The only infusions remaining on there now are the clock (hardly vital) and the advanced file uploads and wrapper (latter two I've found particularly useful so am a bit loath to lose them!).

Made a few changes to passwords and admin access but must assume of course it's still vulnerable until I try to upgrade.

Appreciate all of the help.

Yxos (Senior Member) answered:

Instead of that Kalender infusion, use the one from wibix.de:
http://wibix.de/infusions/pro_downloa...php?did=27

It is known to be safe, and has a lot more and better functions than the "old" one.