Well, for the second time this year, my site (techautos.com) was hacked on June 8 using what seems like some kind of SQL Insertion bug in PHP-Nuke.
The issue is that when you go to any page, the correct page title shows up, but nothing else.
I checked the authors table with phpMyAdmin and sure enough, there was an unwanted, new entry.
Here's the information I have on the script kiddies who did this:
Collected from other sites these guys have compromised:
So anyway, I deleted the extra entry from the authors table. However, the site itself is, of course, not working. So I talked with some people on the NukeCops forums, and they basically said there's no way to fix it as the issue (assuming it was indeed a SQL Insertion attack) could be anywhere in the database. They said basically just restore it from your latest database backup.
Problem is...I've been really busy over the last few months, so my last DB backup was from January of this year.
So I uploaded this DB backup from January as another database, then table-by-table, I manually updated it with all the changes (new articles, members, forum posts, etc.) that have taken place since then - using phpMyAdmin from cpanel.
So then I went to check something out - in the cpanel file manager, I went to config.php to update it to the name of the new database. Then I clicked save, and when I got back to the file/directory listing, it said config.php size was 0 (empty). When I clicked edit again, there was nothing there. I tried again - same thing. I tried to delete it, then created a new file, named it config.php - but same thing again.
Then the Trash bin stopped working. Whenever I delete something, it disappears from the directory listing, but under trash can image, where the list of trash files should be, I instead get this:
This was quite puzzling - now I'm in even more of a mess. Can anyone help out?