I just got a notification today, from my hosting provider, that they got an abuse report regarding phishing pages & copyright infringement from my UNA install. I got hacked. The root index.php got injected code that served those phishing pages. templates/images/ also got a new malicious index.php file that Trident 14.0 reported modified before updating from 13.0.1.
I would like some guidance regarding what/how to check for sanity of the UNA scripts. If I wanted to delete the whole thing to re-upload fresh files, what do I need to check ?
Also, I noted that my sys_storage_tokens table, in database, currently weighs 583 MiB and the sys_sessions around 115 MiB. Thats' 92% of the total of the database, and that seems intense for a forum having 260 users, 222 forum discussions and 600 comments. Can I safely purge them ? Are they transient things ?
Hello @Aurélien Pierre
Sorry to read that your website got hacked. Was your UNA plateform updated? Also, please make sure you apply the security fix mentionned here:
https://unacms.com/p/security-advisory-critical-vulnerability
A
The CMS was in version 13.0.1, I only updated to 14.0 today, so I did all updates.