[creative-friend]

Quote:

Originally Posted by Spangle

First thing you have to do is reset all the passwords, that means anyone signing in has to change their password.

Secondly you need to go through the files and see if there are any there that shouldn't be.

The only way to restore things as they were id by running a backup, and to be honest it shouldn't take that long, once you get it from your host, I know it's too late, but you should really be downloading a back at least every other day yourself, not relying on the host.

If it's only the front page that they have hacked, ( I'm assuming it's a portal) alter your .htaccess to forum.php, then at least your members can get into the site.

I do have backup of 2 days before.....but i have contacted my host so lets see what they will say....waiting for their reply if not then i will restore the backup then......

one more thing is that i only backup my database and the size of the database backup is around 300 so am not even sure its thats the right backup.....but i download it from my control panel....

--------------- Added [DATE]1378674505[/DATE] at [TIME]1378674505[/TIME] ---------------

Quote:

Originally Posted by snakes1100

Its not that simple, he could of added his code in numerous ways, as the install security hole allowed a sql injection, that is why you have new admins.

He could of used any one of these to inject the change on your home page:
base64 code in the db, in the datastore, template or style tables.
iframe code in the db, in the datastore, template or style tables.

You simply need to remove the code, but first you have to find it, there are a few articles out lining ways to find it in the db & one hack to search for certain things i nthe datastore, which will remove it & rebuild your datastore for you.

how do i find that code please tell me....is there any way to find it and remove it please let me know...