Website hacked - any way to restore??

ah1981 wrote: »

Hey, I'm not sure if I am posting in the right place here, please feel free to move to the relevant section. I am an administrator for a local Football club website, and I've just found that it has been hacked. When I try to log in, I get the following:

Hackeado por HighTech Brazil HackTeam
No\One - CrazyDuck - Otrasher - L34NDR0

When I googled this, it seems a number of high profile websites have also been hacked with the above message appearing. Is there any way I can restore my control panel to be able to edit the site again?Thanks in advance

Possibly, more details, what are you using to maintain the site, Joomla, wordpress, Drupal etc.? Were you keeping it up to date? Do you have any database backups?

Nick

ah1981 wrote: »

Thanks Nick. I am using Joomla to update, roughly on a weekly basis.Luckily I did a Database back up on 20 Dec and it hasn't changed much since.

Was Joomla up to date? Version 1.5 or 2.5? Are 777 permissions set on the server? Joomla has the FTP Layer that I would always recommend using over directory permissions where possible. (A handy script to check the environment for security issues is this.)
You could try download the sites files and do a dump of the DB as it is now. The hack is possibly originating from the db. It is a risk trying to repair the damage as you don't know if the hacker placed any back doors in the site while hacking it.
You may be better off starting back to the old database version, and if you are using Joomla 1.5 use JUpgrade to upgrade it to version 2.6.
So install stock Joomla 1.5 from the Joomla website (or whichever verion you are on). (If you don't have a local server you can use Xampp). Drop all the Joomla tables on your local PHPmyadmin and import the clean backup from the 20th.
Run Jupgrade to go to the latest version of your on an older one. You may also have to migrate components you may have installed, like gallieries etc. manually. But I would recommend a fresh start. You should be able to re-use the template, just make sure the files are clean of any suspicious code.
This would be my advice anyways.
(If you try using the 20th Dec DB dump with the downloaded website locally and it appears clean, chances are it was the db the hack originated from, and not the file system, but again thats a risk you'd have to take). Personally I'd start from scratch and keep Joomla up to date/don't use 777 permissions when you don't need to (FTP layer should be fine for most use)

Nick

ah1981 wrote: »

thanks a lot for the help. I'm still on Joomla 1.5....I think I will start off from scratch. I know there is a bit of work involved but at least I know it will be completely clean, will try it out in the next day or two

Thats probably the best bet. Your 20th December db should be ok, run a stock install of Joomla 1.5 locally, drop the tables, import the 20th Dec db then use Jupgrade (see previous post) to go from 1.5->2.5 retaining content. If you use components some of these may have 1.5->2.5 migration options. Check their website for more info. Fwiw I upgraded a pretty major club website (1, 000s of photos/articles) and I was able to get all in use components ported to 2.5 (joomgallery, attachments to name a few)

Nick