Problems, need help? Have a tip or advice? Post it here.
6 posts Page 1 of 1
Hi.
I have an old site based on CouchCMS, and that site was hacked.
What to do now? Reinstall Couch with a new version?

Hi!

My question :

What version of Couch did you use, since you said it's an old site?

How many sites do you have in your IP address range? If you have more than one, do the others use Couch too, or do you use another CMS like WordPress or Joomla? If yes, check your other CMS for any bugs.

Did you get any spam email that steals your email account info? Or did you use the same email and password for your hosting or for your CMS registration?

My opinion :

Why do you ask about reinstalling Couch? If you are the owner or the dev of that site, simply access cPanel and take a look at the problem. Some of the lames just put an index.html on the hosting and leave the main index.php untouched. Check for it.


Thx!
As soon as possible!

Touch me up : abada[dot]zulma[at]gmail[dot]com
For now I don't have access to FTP (it's my site, but now the client owns it).
This hosting doesn't have cPanel. It's the Polish home.pl (lame provider).
One website.
I think that it is Couch 1.4.5. I need to check that.
@adrianr, to begin with, you really *should* have been using the latest version of Couch - I had sent you (along with all other members) a personal mail requesting to do so when 1.4.7 was released.

Anyway, Google reports that hacker group 'anoncoders' is on the rampage and has defaced thousands of sites recently.

For such a mass scale hacking, I somehow doubt that the hackers would have targeted any vulnerability in Couch.

If your site happens to be on a shared hosting, the entry point could be any site on the server and you should contact your host immediately.

If you are on a dedicated server, compare all files with pristine versions to see what has been changed. Take a look at access logs to see if you can spot any anomalous activity.

Assuming you have a backup of the data, it would be a good idea to wipe everything and install afresh. Change all passwords (CMS, database and even any FTP client on your local machine).

Hope this helps.
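
The file comparison suggested in the post above, sketched as an added example (not part of the original thread and not Couch's own code): it hashes a pristine copy and the live copy of a site and lists files that were modified, added or missing. The file names, the ignored `uploads/` prefix and the sample trees are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_hashes(root):
    """Map each regular file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and not p.is_symlink()
    }


def compare_trees(pristine, live, ignore=()):
    """Return files modified, added or missing in `live` relative to `pristine`."""
    clean, site = tree_hashes(pristine), tree_hashes(live)

    def keep(name):
        # Skip paths that legitimately differ (user uploads, caches, ...).
        return not any(name.startswith(prefix) for prefix in ignore)

    return {
        "modified": sorted(n for n in clean.keys() & site.keys()
                           if clean[n] != site[n] and keep(n)),
        "added": sorted(n for n in site.keys() - clean.keys() if keep(n)),
        "missing": sorted(n for n in clean.keys() - site.keys() if keep(n)),
    }


def demo():
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        pristine, live = Path(tmp, "pristine"), Path(tmp, "live")
        for root in (pristine, live):
            (root / "couch").mkdir(parents=True)
            (root / "index.php").write_text("<?php require 'couch/cms.php'; ?>")
            (root / "couch" / "cms.php").write_text("<?php /* core */ ?>")
        # Constructed changes: a dropped index.html, an edited core file,
        # and an uploads directory that is expected to differ.
        (live / "index.html").write_text("<h1>defaced</h1>")
        (live / "couch" / "cms.php").write_text("<?php /* core */ /* injected */ ?>")
        (live / "uploads").mkdir()
        (live / "uploads" / "photo.jpg").write_bytes(b"\xff\xd8")
        return compare_trees(pristine, live, ignore=("uploads/",))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

Run against real directories, `compare_trees` takes the unpacked release of the same Couch version as `pristine` and a downloaded copy of the hacked site as `live`; anything under "added" or "modified" outside the ignored prefixes is worth opening by hand.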
Yeah, I forgot about that one site :C

I've got info that there is also a Joomla site on the FTP.
Yes, that's why. Looks like the lames are jumping into your host directory, since I have never seen Couch bugs on any exploit databases. So the only way to hack Couch from the web app side is null. The lames need to hack the hosting provider (IMHO), or hack the other sites on the IP range, put a shell and jump into another user's directory.
As soon as possible!

Touch me up : abada[dot]zulma[at]gmail[dot]com