-
@Alex T⚜️ We Got Hacked. Here's What I Learned the Hard Way.
But I just want to say thank you for your input and advice first...
Truth is, we went through a nightmare recently. A hacker got into our system and made us feel like fools. We’d delete his PHP files from our public folder, thinking we’d cleared the threat… only to be hit again 5–10 minutes later — same Halloween-style defacement screen, again and again. It became a joke. A painful one.
We were running UNA 14.0.0-RC3, and honestly, it had served us well. It was stable and we never bothered upgrading. That was our first mistake. We got comfortable. Too comfortable. And when this attack hit, we realized just how exposed we were.
No antivirus or external scan fixed it. This wasn’t some basic malware. It was a real person — someone who knew how to move through open-source code and take advantage of lazy configurations or old habits.
I remember watching a movie years ago — about a rich tycoon with the best IT minds on his payroll. Yet his empire crumbled in seconds because his team used open-source code they didn’t bother to harden or secure. That story came back to me with a vengeance. Now I get it.
When we rely on something like UNA CMS — powerful as it is — we need to remember: we’re also part of the defense. The open nature of it means tech-savvy people (some with good intentions, some not) are always poking around. If we don’t do our part, the cracks show.
We shut down logins and registration to try and isolate the threat. That gave us time to track weird PHP files and watch our URL logs for anything odd. And yes, we found signs. Fingers pointing to a specific IP. Someone was having a field day — and we were the playground.
But here's what I want to say to others running a commercial UNA site:
- Have a backup server ready. Seriously. Something that can take over fast.
- Don’t wait on updates. Upgrade when the core team tells you it’s stable.
- Watch your logs like your life depends on it. Sometimes, it kind of does.
- Plan for worst-case scenarios. A site takedown can be more than embarrassing — it can shake the trust of your whole community.
Eventually, UNA 14.0.0 (stable) helped us get back on our feet. But it took effort, testing, and more pressure than I’d ever want to face again.
We love this platform. We believe in it. But we also learned: never let your guard down. You may not get a second chance to recover like we did.
To anyone out there — especially those who lead platforms like we do — don’t wait for the storm. Prepare now.
Stay safe. Stay sharp....
Regards
Chris
-
It looks like you were hacked because of this vulnerability - https://unacms.com/p/security-advisory-critical-vulnerability
It's better to restore the site from a backup made before your site was hacked, since cleaning it up is a very tedious task and you can't always be sure that you cleaned up everything.
-
Hey @Alex T⚜️, it was a business decision, one can say, because the damage done was only to script files, and sometimes the tedious work has to be done considering other factors.
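
The manual cleanup discussed in this thread (tracking unexpected PHP files instead of restoring everything) can be narrowed by diffing the live web root against a known-clean copy of the same release. This is an added example, not part of any post above and not UNA code; the function names, the file-extension list and the two directory arguments are assumptions.

```python
import hashlib
import os

# Assumed set of script-like files worth tracking in a PHP web root.
SCRIPT_EXTS = (".php", ".phtml", ".htaccess")


def manifest(root, exts=SCRIPT_EXTS):
    """Map relative path -> SHA-256 for script-like files under root."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(exts):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                # Record the link target instead of following it.
                out[rel] = "symlink:" + os.readlink(full)
                continue
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            out[rel] = digest.hexdigest()
    return out


def diff_against_clean(clean_root, live_root):
    """Return script files added, modified or missing in live_root
    relative to clean_root (a pristine unpack or a pre-incident backup)."""
    clean, live = manifest(clean_root), manifest(live_root)
    return {
        "added": sorted(set(live) - set(clean)),
        "modified": sorted(p for p in live.keys() & clean.keys()
                           if live[p] != clean[p]),
        "missing": sorted(set(clean) - set(live)),
    }


if __name__ == "__main__":
    import sys
    # Usage: python webroot_diff.py <clean_copy_dir> <live_webroot_dir>
    report = diff_against_clean(sys.argv[1], sys.argv[2])
    for kind, paths in report.items():
        for path in paths:
            print(f"{kind.upper():9} {path}")
```

Legitimately customised files will also show up as modified and need manual review. If a deleted file returns to the "added" list on a later run, whatever writes it is still active on the server.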