Was my website hacked?

My website is showing the error template just like on the development server (localhost) and I don’t know how to fix it. Other than that, my website has other problems like users can’t register right now. Please find attached a screenshot which shows the dirty blonde error space underneath “Forgot Password” which should only show at localhost.

I haven’t updated my CakePHP version to 5 yet. I’m currently running CakePHP version 4 and my XAMPP (localhost, development server) is using PHP 8.0.28. Maybe errors are appearing because my hosting company, bluehost, is running a more recent version of PHP and I need to update. I’m not sure.

I just logged into bluehost and I saw that my website is actually using PHP version 8.0 so I don’t think I need to upgrade. But maybe the older version of CakePHP is the problem?
I changed config/app.php a couple of weeks ago and I overwrote the file on my production server. I changed the file so that it wouldn’t issue warnings when there were errors but I don’t know what other settings I may have overwritten.


‘debug’ => filter_var(env(‘DEBUG’, true), FILTER_VALIDATE_BOOLEAN),

replace true with false

no warning and errors displayed on screen

first of all!! Bluehost scanned my computer for malware a week ago really bluehost scan your local computer?? I mean Bluehost is hosting so how & why they scan your system, how can they do that? and if they already done it all so may be they were suspicious(Hacker) not Bluehosters.

can you show your error or code?screenshots

can you open that project in local environment/localhost XAMPP/WAMP.
please use linux OS for programming there is 0% chance to virus or hacking attacks and linux provide apache2 server.

Hi shaan007. I mis-spoke myself. I meant to say bluehost scanned my shared serving environment for malware. I’m attaching a screenshot of the error for logging in but I don’t think there’s a problem with individual files; the whole serving environment seems to be damaged. And how does it help to use Linux as my localhost/development server? The hacking happened on the bluehost server and not my localhost.
The reason I don’t think the the individual files are the problem is because I uploaded the template and controller for the login to my shared hosting environment and I still got an error even though all of the files worked on my localhost.

It’s trying to create session files in /var/cpanel/php/sessions/ea-php80. Does that directory even exist? Does it have full access permissions for whatever user Apache is running as?

Thanks, Zuluru. I will take a look and then I will open a chat with bluehost.

You surely have a local copy of your site. Use FTP to download the version from the server to a different folder, then use diff (on Linux) or something like WinMerge (on Windows) to compare the two versions. Any differences (apart from logs, cache files, etc.) would be where a hack is present. If there are no such differences, then the problem is not a hack, but something in your code. Maybe not all your code is PHP8 compatible, for example, and the only problem is upgrading that.

1 Like

it seems that some permissions and path config issue! ok so now you can try it with database session… create new table in database. You can find session table in config/schema/sessions.sql directory just copy that sql scheme and past it in database and create new session table then please open app.php file

Configure::write('Session', [
    'defaults' => 'php' //set here session

replace php to database

now session save in database and its much sophisticated

please change permission 0755 to 0777. 0755 means anyone can read and write so its different sense in linux world, 0777 means execute file with read and write capability & now come toward the hacking!! so its not like hacking its just some PHP version issue or some miss-configuration issue… but if you seems that its hacking so please open you bluehost cakephp project look into all template files… is there any unusual code or any js code! but i am sure that’s not WEB ATTACK it just some server or php version issue may be

When I go to my website now I see the error page:
Please replace templates/Pages/home.php with your own version or re-enable debug mode.
Error: The requested address ‘/’ was not found on this server.
I uploaded my local home.php but the error persisted.
My localhost uses PHP version 8.0.28 and bluehost uses version 8.0 so I don’t think this should be a conflict. CakePHP 5.0 requires a minimum of PHP 8.1 so I assume version 4 is still provided for by my shared hosting account at bluehost. Bluehost has up to version 8.3 available so if I need to change to CakePHP 5 I can. I just don’t know for sure if an upgrade will solve the problem.

To shaan007, I don’t know why you think I should change 0755 permissions to 0777. I looked it up and found that
777 - all can read/write/execute (full access).
755 - owner can read/write/execute, group/others can read/execute.
so 755 seems to be what is necessary.

Hi Zuluru, I am using WinMerge to compare the files and am still going through them. It’s going to take a while.

I would have thought it would take basically no time at all. I’d expect no differences at all between what you have locally and what you have on your server.

An similar alternate approach, if you are using git for managing your source and have command-line access on your Bluehost server, is to just do git diff.

I kept getting error messages about not being able to start a session so I just changed to cake sessions in config/app.php:

    'Session' => [
        //'defaults' => 'php',
		'defaults' => 'cake',

and now it works.

1 Like

It was working at first but then when I went to the home page I saw the error message: Please replace templates/Pages/home.php with your own version or re-enable debug mode. So I commented the following part out and then it worked, but this is just a temporary solution. Maybe I need to update my CakePHP version from 4 to 4.5.

if (!Configure::read('debug')) :
    throw new NotFoundException(
        'Please replace templates/Pages/home.php with your own version or re-enable debug mode.'