Reinstall hekp

galacticgarry · September 1, 2024, 7:33pm

Howdy
My server was invaded by a bitcoin scheme all the . Htaccess files were changed.

How do I install a fresh version of backlight?

Daniel · September 1, 2024, 11:46pm

I would go into Backlight’s module section and click on re-install all. In the advanced admin section there’s an option to reinstall .htaccess and index.php of your site root directory as well. This should do the trick.

galacticgarry · September 2, 2024, 12:14am

Howdy
Thanks, I stumbled into that, but all the .htaccess files had their permissions changed so I get
Forbidden
You don’t have permission to access this resource.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
So .hataccess will be a bit tedious

Also are these files part of the backlight install?
jqsyzeqh.php
wp-blog-header.php
wp-cron.php

Thanks for your input!

Garry

rod_barbee · September 2, 2024, 2:29am

No (not in the root of the site, anyway). Could they be leftovers from a previous WordPress installation?

If you have your original order email that contains the Backlight Installer zip file, you can unzip that and simply upload the .htaccess file in the root and the .htaccess file in the backlight/ folder to their respective location on the server.

In your unzipped Installer you should see:
index.php
.htaccess
backlight/ (folder)
galleries/ (folder)

the .htaccess file goes to the root of the site
the .htaccess file inside of the backlight/ folder goes inside the backlight folder on the site.

Daniel · September 2, 2024, 4:51am

If you don’t have rights to access the .htaccess files, ask your host to change the permissions.

Ben · September 5, 2024, 10:03am

Hi @galacticgarry, do you have SSH access to your server? If this was my site I would run a command to change the permission of the .htaccess files in bulk.

I would be concerned about your site still being vulnerable to being hacked. Do you know how they were able to get in? (I’m assuming Wordpress). Has that vulnerability been closed? Have your found all of the malicious files and removed them?

galacticgarry · September 5, 2024, 11:05pm

Well the bad news is I had thought I had plugged the leak. Only to find this morning that my website content was deleted except for a few malware php files. I must have missed one in the cleanup.

So I had all my files backed up except for all my backlight galleries. I get to start over again with a “clean website”

Thanks for your help. Next time I backup the gallery folders too!

Garry