Admin password changed (hacked) but site still live (solved)

Permalink
I built and help administer a website for a client and the site is completely live still but someone (externally) changed the admin password and email address (was a 10 digit randomised character password). Running 5.7.5.9 - only I had access to the admin account and I haven't been hacked personally as far as I know.

I can access the site as we have a second administrator account.

I'm in a situation where the client has someone else running the hosting and I have no idea how secure they are. I know there are wordpress sites on the same hosting. They are fussy about giving FTP access etc

I'm assuming this is a security breach on the hosting side? And if the site is still live I'm not sure what the hacker would be up to.

Thanks

 
lukasznillo replied on at Permalink Best Answer Reply
lukasznillo
The problem may have different grounds, someone may have access to FTP, to databases and thus someone can easily change different things. In my opinion, to be sure, run Concrete5 away from WP. Recently, I had a case where C5 files were modified (version 8.5.x) where Wordpress was running on the same account on the server. But the attacker took advantage of WP vulnerabilities and uploaded PHP WebShell :) (by the way making the popular URL Injection attack) If you do not have access to FTP, server logs will be difficult to diagnose.
avra replied on at Permalink Reply
Thanks. I'm going to try to reset it manually.
Maybe this a good simple way?https://documentation.concrete5.org/tutorials/reset-password-manuall...
avra replied on at Permalink Reply
Solved. Rogue developer changed it without informing us. Thanks for your help