Print

[WildWayz]

Yesterday my site was working fine... this morning I tried and now all I get is a prompt to install a missing language pack (which I ignore) and now the entire site has Arabic text and the theme has changed.

I have checked the files and re-uploaded them - no change.
I have checked the MySQL database - all the information is there still.
I have checked my Albums - all info is there.

I am running the latest version of Coppermine.

My setup never forced a Login before - so that has been implemented.

The url is http://www.moose-shack.com/photos/index.php

Can anyone help?

Thanks

James

[Nibbler]

Switch to english (http://www.moose-shack.com/photos/login.php?lang=english) then login and see what happened. Check for admin accounts that shouldn't be there and change your pass. Disable the login requirement in config too.

[WildWayz]

Thanks - just managed to fix this...
I deleted all language packs other than English (it's a personal site, so no need for multilanguage stuff).
I used phpMyAdmin and searched for qw33nkilla@hotmail.com (that is what the person changed the admin email to) - and changed it back to what it should have been.

I reset the admin password to another one - no other users were created.

I am going to change the MySQL password now....

Thanks for your help!

James

[Joachim Müller]

That's the proper method to clean your site. Make sure to scan for potential backdoors that the attacker might have left. To do so, download the entire content of the gallery by FTP, then make sure that only the expected files (images) reside within the albums folder. Compare the script files (PHP files) against a vanilla copy of the coppermine package (using a diff-viewer like WinMerge).
Also make sure that your passwords are non-trivial.