Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+3 votes
1.3k views
in Q2A Core by
All my sites including Q2A site http://coolanswers.heatflows.info have been hacked.

Here is a screenshot. What to do next?
by
Apparently, it was a problem with the webhost. The hackers replaced index file of many sites on the server. The webhost has restored all my sites, including q2a site. thanx for all comments here!

1 Answer

+1 vote
by
 
Best answer
I don't think this is a result of using Q2A, but rather that someone got hold of your server's login and password, and replaced the site contents. That's also what the page content suggests. In any event, you should contact your web host provider - the steps will probably include wiping all content, changing your password, and reinstalling. Good luck!
by
Especially since the main domain was hacked as well as the subdomain, this almost proves the security flaw isn't with Q2A. But if Katte has made some core edits with their own PHP code, it could have introduced a security flaw perhaps.
by
As I saw on Your Drupal post, it seems to be clear that Q2A is not responsible for this failure. As well I read that they hacked the whole server where Your sites are on, this may be the result of any other install on this server, mostly caused by old cms which their owners forgot about. This is so, because popular scripts are much more often targeted by these hackers.

But, You really should think about Your hoster ! If it would be just Your sites it would be kind of "normal" . But if the hacker made it through the whole server, Your hoster seems to have bad security configurations.

Besides, this kind of hack is the better one, as they only changed the index files. These hackers see it as kind of sports to brake up as much sites as possible. And, just because it says it is kurdish, does not mean that it is kurdish.

I had the same problem a few years ago. I had to replace everything, as the hackers hided some program parts deep inside my folders. I as well needed the hosters help to delete some of their files.

However, good luck with this and thank You for the fast alert.

monk333
...