Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By rsmith77 on
I have just discovered that my site was hacked, Webhostingbuzz confirmed it.
The problem I have is the hackers amended my username and password. I have tried resetting my password but it doesn't recognise my username or emails.
I have reset my password for the control panel and have access to myPHPadmin but don't know how to add a new admin user.
I have looked at users (myPHPadmin) but so many fields, I don't know what to add to get it to work. Once in to the admin of the drupal website, I can create a new account. Can anyone help.
Cheers
Comments
Look at the users table and
Look at the users table and the entry for user (uid) 1. You can edit the record to change the user name and email address, the request a new password.
Go to phpMyAdmin and select
Go to phpMyAdmin and select your database. Go into the users table and locate the entry where field uid is 1. Click on the edit for that entry in phpMyAdmin. Change the username to something only you know and for the password paste in this encrypted string:
$S$DgTH8IzBGXDxeSTYeUyf.UCe889lbOIFIhqsf3eKTNsUyIFLdeTwThat password is the encrypted form for: recover2015
Change the email address to something bogus as they may already have something setup to email them new login credentials. You can change that to something real after you login.
Now you can login and you'll have admin access. Immediately change that password to something only you know.
Make sure in account settings only an administrator can setup an account. From drupal.org install the module noreqnewpass. Also add something like captcha. Once you're certain they didn't set anything up to email the login credentials you can change the email address.
Seems they wiped all the
Seems they wiped all the content so tried to recreate it.
Added the 1 to the uid field
Copied the encrypted string into pass and added my username and email.
Are there any other fields that must be filled in. I'm getting "The username ******** has not been activated or is blocked".
If they had access to you
If they had access to your data and you are using your old username and email you may want to change those to something new that only you know. To unblock an account go to status field in phpMyAdmin and change it to a 1.
Thank you for your help, the
Thank you for your help, the status field was set to 0 so I am now in .
I have given the account a new email address but still plan to rebuild the website with a fresh install of drupal.
=-=
which version of Drupal was in use? If pre 7.32 at any point during this process I suggest a rebuild.
Drupal 7.31, think I will
Drupal 7.31, think I will rebuild, start from scratch. First I will copy page content into a file so it's easy to reproduce.
Use phpMyAdmin to export the
Use phpMyAdmin to export the database. You can then selectively import any tables, records etc. you want regardless of what version of D7 you install.
=-=
if a backdoor was inserted into the database then the above wouldn't help. see: https://www.drupal.org/SA-CORE-2014-005