Quote:
Originally Posted by GRaduns340
I didn't actually see what your problem was, but our site was recently hacked as well. It's been running on a CMS for ease of transfer to the next webmaster, so at first I assumed that either that or the forum was the loophole and that I would go about trying to find that. I later discovered, after talking with our private host, that it was a root access hack, and that all sites on the server had been hacked through the server's root user. We got hit pretty hard, as ALL web-based files (PHP, HTML, HTM...) were overwritten by copies that contained a meta refresh, redirecting our site to some foreign forum. I still can't delete some of them because of ownership and permission changes that were also made, but if that's what you're dealing with, you'll have to go through your host if you actually want to correct it.
It sounds like they used an automated script to infect all your files; as such the changes in permissions might have been set to only PHP's "nobody" user. (Which would restrict access to such files to PHP scripts alone.) See if you can use PHP to do a site-wide crawl, read every .html, .htm, or .php file, str_replace() the "<meta refresh...>" crap with NULL or an empty character set "", save the files again, and then chmod everything to the permissions it should be set at.
EDIT: Basically, this is the exact reverse of their automated script.
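A sketch of the cleanup described in the reply above, added here as an example and not code from either poster. It swaps str_replace() for a regex because the exact injected tag is not given in the thread; the paths, the 0644 mode and the function name clean_tree() are assumptions.

```php
<?php
// Added example. Run it through the web server's PHP so it executes as the
// same user ("nobody") that now owns the altered files.
// ASSUMPTIONS: $root, $backupDir and the 0644 target mode; adjust per site.

function clean_tree(string $root, string $backupDir, bool $dryRun = true): array
{
    // Any meta tag whose http-equiv is "refresh", any case or quoting.
    $pattern = '/<meta\b[^>]*http-equiv\s*=\s*["\']?refresh["\']?[^>]*>\s*/i';
    $report  = ['changed' => [], 'failed' => []];

    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::LEAVES_ONLY,
        RecursiveIteratorIterator::CATCH_GET_CHILD // skip unreadable directories
    );
    foreach ($it as $file) {
        if (!$file->isFile() || $file->isLink()) continue;
        if (!preg_match('/\.(php|html?)$/i', $file->getFilename())) continue;

        $path = $file->getPathname();
        $old  = @file_get_contents($path);
        if ($old === false) { $report['failed'][] = $path; continue; }

        $new = preg_replace($pattern, '', $old, -1, $count);
        if ($new === null || $count === 0) continue; // nothing injected here

        $report['changed'][] = $path;
        if ($dryRun) continue;

        // Keep the infected copy outside the web root for the host to inspect.
        $backup = $backupDir . '/' . sha1($path) . '.bak';
        if (!@copy($path, $backup)
            || @file_put_contents($path, $new, LOCK_EX) === false) {
            $report['failed'][] = $path;
            continue;
        }
        @chmod($path, 0644); // assumed normal mode for web files
    }
    return $report;
}

// Constructed paths: the backup directory must exist and sit outside the docroot.
$result = clean_tree('/home/example/public_html', '/home/example/infected-backup', true);
header('Content-Type: text/plain');
printf("would change: %d, unreadable or failed: %d\n",
    count($result['changed']), count($result['failed']));
echo implode("\n", $result['changed']), "\n";
```

Review the dry-run list before calling it with $dryRun set to false, since a page that legitimately uses a meta refresh would be matched too. Files in the failed list are ones the PHP user cannot read or write and still need the host.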
