It was back up and running, except with no access, all pages seemingly able to be viewed, except if you logged in, then it went dead. The hacker re - named it "Gone Information",
register.com did a restore and I guess the re-start point was right when he was in the midst of his work?
I changed the public_html to a different name and told them to redirect the domain, until I could sort things out.
I'm feel the vandal could've gotten in through public interface and that's how he brought it down a second time, after it had been restored.
There was an ftp account on there which I was not aware of. I thinking he could've set that up once he got full Admin powers through the Control Panel interface?. They couldn't tell me when the FTP was last used since they deleted the account before I could ask.
The tech support also explained what was wrong with the new.com site, I just needed to put the correct database name into the config.sys file to match the one there. He said to just re-name database .
I had a thought; to redirct the site to new domain and from there work on it without worrying that the vandal will come back and get in before we can fix it.
I think I tried to put a back-up of the sync forum site over there. The files I put up might be sitting there, already, But it would be from two months ago.
I think the Forum that was hacked will be most easily turned to read only, ultimately, since we know it is capable of that now?
What I am afraid of is that there is a time bomb in there and when a moment hits the clock it will erase itself. I'm not sure it can do that when it is off - line? And it doesn't seem like a back - up would help , since it would contain the same flaw.
I'm thinking I , at least , want to archive quite a few pages. If I put a copy of it on another domain ?, Perhaps I could just archive from there.
If I can get it clean?
We will just continue at the new domain and create links back to things we want to site in the old Forum.
Fatal: Not able to open ./cache/data_global.php" that was the new tag on the defaced site after the 2nd hack.
It seems my work of the past few months is still there. I was lucky so far.. My last back up was in Oct. when I was trying to get the new site to be a test site / backup site. But I never tested the back-up up to see if it would work.
Does one need to see what the site looks like while working on it, repairing. Or can someone who knows what they are doing just make it to a "read - only" site via files alone.
I'm concerned that if there is a virus or exploit in it, it could be wiped sometime, unknown , in the future.. Phew.
thanks in advance for any help you are able to give... And I don't know if upgrade will work on a crippled site?
Thanks everybody for any advise or pointers you are able to give.
Last edited by margverite
on Wed Dec 14, 2016 12:33 am, edited 8 times in total.