1
Earlier today I noticed someone on my site under the IP 74.6.vvv.yyy. The YYY represented above was a constantly changing set of digits. The 74.6. were constant.
I noticed that my front page began to have the blocks showing up in all different positions. I checked the blocks in the admin module but they appear to be as they are supposed to be as far as the block supposing to be on the left, right, etc. But, they don't show up as they are designated to be on the front page.
I made no changes to the site itself prior to noticing the difficulties. I just noticed an ever increasing number of "users" on the site (usually runs about 10-25, but at this time up to 58 at one time). The admin area itself does not appear to have been violated nor is there any evidence that the password was broken. But, something happened and not subsequent to anything I did, so far as I can tell.
I am running 2.0.16 with protector installed.
To resolve this, I re-uploaded the 2.0.16 core files, the theme files, cleared the cache directory, cleared the templates_c directory, updated the system module, everything I could think of.
I checked a few minutes ago and it appears they are still trying to hack my site. I have reported it to the host and fully expect their genuine help. BUt, what do I do about restoring the site? What would they have done that I can undo? Thanks for any help,
Chappy
MMM...It tastes like chicken! ...