Suspicious.

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • chrisjames
    Junior Member
    • May 2024
    • 17

    Suspicious.

    hello all,

    site completely off line. Any thoughts? Message from website:



    You need to configure your webserver in order to being able to run EspoCRM. After that, refresh the page. For Apache webserver


    You need to have mod_rewrite enabled. You can do it by running in the terminal:

    sudo a2enmod rewrite
    sudo service apache2 restart
    Non-production environment


    You need to enable `.htaccess` usage in the apache configuration. Add the code:

    AllowOverride All

    thanks.
  • yuri
    Member
    • Mar 2014
    • 8794

    #2
    Bug Reports is not a suitable category for this post. There are Bug Report rules in the sticky post.
    If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

    Comment

    • chrisjames
      Junior Member
      • May 2024
      • 17

      #3
      Hi Yuri,
      sorry for post mistake. Shall I repost this in general? Please could you delete?
      thanks
      chris

      Comment


      • yuri
        yuri commented
        Editing a comment
        Hi, No problem. The post is already moved to the appropriate category.
    • chrisjames
      Junior Member
      • May 2024
      • 17

      #4
      Just thought I'd update you all. I've restored the site. after looking at the folders I found some folders with the prefix "WP-". Not sure how they got there. my .htaccess file had been overwritten too.

      Solution: deleted files and uploaded a backed up .htaccess.

      Future problem, I've found these files were in the backups going back three weeks. It appears that the .htaccess file is ok from back then.

      I'm spooked!! Any ideas how files have got in to my server?

      Comment

      • shalmaxb
        Senior Member
        • Mar 2015
        • 1650

        #5
        If you host your espoCRM on an internet webspace or server, this could be a hint for a hacking attempt. WP- normally stands for Wordpress and one of the most common hacking is to try to hijack a server, where an unprotected Wordpress installation is running. These hacking bots do not attack only Wordpress installation but attack whatever server and using modified Wordpress files to get access, hoping to infect a Wordpress installtion.
        Look into your hosting/server, if there are more folders or files with a WP prefix, even outside of your espoCRM installation in folder levels above. If you do not run Wordpress on your hosting/server then delete all these files.

        Comment

        • chrisjames
          Junior Member
          • May 2024
          • 17

          #6
          Thank you shalmaxb

          I’ve found and deleted these files. Looks like everything is still working.

          Comment

          Working...