I had the unfortunate task of dealing with a hacked site today. The culprit looks like it was jDownloads, and I have installed the upgrade to that.
When going in to clear out the files and update things, I tried accessing the administrator. Normally I create a secret key, but couldn't remember if I had for this one, so I just went to the normal administrator login URL, and it let me in.
However, I found that I did have notes on my computer stating there was a secret key. Somehow when the site was hacked they disabled the secret key, AND also rerouted the Akeeba Backup folder.
Luckily I had a backup on my computer from the week before and was able to restore the site. After doing that I hardened the firewall settings, changed the secret key, blacklisted about 100 IP addresses that were directly trying to access the administrator, had my client change their password, and activated the 2 level authentication.
After doing all that I was in the administrator to get the client set up with the new authentication. When I went to log out, I found that I am no longer being redirected to the homepage of the site, but being taken back to the login page - and the secret key is still in the URL.
Is this something because of the hack, or is it due to the new authentication?