To my surprise nobody here seems to have faced this hacking before.
This morning my site (6.01.8) was changed to a dark site with some Russian(?) text with dull music and the title "Hacked by GURKAN142".
Googling for "GURKAN142" comes out with thousands of hits, whilst this site never seem to have had problems with this guy.
There was no damage done, other than he had replad index.php in the root with his own. Replacing it with the original restored my site to Status quo, but still... I have no idea how he could get away with the replace. All my files in the root are 644 and I am (as far as I know) the only one who has ftp access. "Apparently not" you might say, and I agree, so no need to reply this please.
I am not even sure this is a problem with PHP-fusion, because if he has got ftp access it is not necessarily a flaw in the security in php-fusion.
Did anybody else here have this visitor? Any theories for how he got in, and hov to prevent it to happen again, because I can easily restore the file, but I surely don't want to do that on a regular basis.
Need help?, Having trouble? • View our Documentation for Guides, Standards and Functions • Name and Organize your Topics and Content correctly in the corresponding Forums for best support results • Attaching Log Files and Screenshots when reporting issues will help • Provide with an URL to live example if one exists • Please read the How to Report an Error post • Please read and comply with the Code of Conduct