Hi, my client's site was hacked, inserted sql code into all php files. My background is graphic design, html & css, this is out of my range of expertise.
My client's site is down and needs to be back up right away. (Yesterday a targeted email went out to 15000 people referring to an upcoming event, this down time is probably costing her thousands.)
This happened a couple of weeks back but the guy who helped me restore it is out of town until next week.
What I've done so far... deleted the entire site, re-installed the original version of C5 that I installed last year 188.8.131.52. I restored the database to a version that was backed up about 5.5 days ago, (Saturday, when I last logged into the site & it was still good.) I went to the page to enter the database name & it says that c5 requires an empty database to install in. So, I've exported the database. Thought I'd delete it and then create a new one with the same exact name, install c5, then import into the database. However, whenever I create a new database I have to use a different name, it won't let me create one with the same name.
Going from memory if that file is in place and defines the DB connection then C5 will assume it is already installed.
You might also have issues with themes, templates and customizations that are not part of the default C5 installation as well as the contents of the /files directory for uploaded images etc... this depends how much customization you have done. Do you have a good backup of the files that make up the sites?
Above all, if you restore the site perfectly it has a good chance of being hacked again using the same method... if this was a poorly chosen admin password that is easy to fix but there are many other ways it could have happened, especially if you had custom PHP code on the site that could have been exploited.
> This happened a couple of weeks back
This definitely sounds like there is a security hole you need to fix, rather than just getting the site restored even if that is your short-term goal.
Before you deleted the site, did you happen to make a back up? If so you can probably just copy the config/site.php from the old site into the new site. If you didn't make a backup, well... now you have two problems.
If restoring site.php doesn't work, please post that here.
I assume you are on Dreamhost. It appears that a large number of their shared hosts have been rooted. So, this will keep happening until they fix the vulnerability, even if you get the site back up today. You should probably create a static 'down for maintenance' page with your essential event details.