OK, as you might have noticed, many, many PivotX installs have been hacked. The vulnerability used by the hackers is fixed in PivotX 2.2.5, which was just released, but what exactly do you do?
Added February 2012: Many PivotX installs were hacked in October 2011 using another vulnerability - the TimThumb exploit (which has been fixed since version 2.3.0).
- Download a copy of the pivotx/db and pivotx/templates folders (using FTP). Just to be safe.
- Then check your images, pivotx/templates and pivotx/db folders. (The integrity checker in PivotX Tools will help you - see last item in this list.) Are there any unknown/strange files created after February 11th? (This is easily done using the FileZilla FTP client and the "Search remote files" function in the "Server" menu. It's most effective if you do the search three times - once from each of the three folders.) You'll find some files modified because the hacker has logged in to your site - at least db/ser_events.php, db/ser_logins.php, db/ser_sessions.php, db/ser_users.php and maybe a file inside db/standard-00X00 since the hacker made a post.
- Upgrade to the latest PivotX. That means downloading the zip/tar.gz file and installing the files. Basically you just overwrite the old files.
- Select "Reset my password" instead of logging in normally to your site. This will send you an e-mail with a link to get the new password - the hackers have most likely changed your old password. (If you don't get the e-mail or PivotX replies "PivotX was not able to send a mail with the reset link.", don't hesitate to contact me at hansfn@pivotx.net for more help.)
- Finally, install the PivotX Tools extension - download, unzip and upload the pivotx_tools folder to your pivotx/extensions folder. After enabling the extension, select "Check Integrity" under the new main menu item "PivotX Tools". All files reported as unknown or suspicious can be malicious - so-called remote shells. Download the files (to be sure) and delete them from your server.
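
The date check from the list above can also be run against the copy you downloaded. This is an added example, not part of PivotX or PivotX Tools. It assumes the copy kept the server's modification times and the folder layout named above; the function name `modified_since` and the command-line arguments are made up for this sketch.

```python
import os
import re
import sys
from datetime import datetime

# Files the list above says change when the hacker logs in or makes a post,
# written relative to the pivotx/ folder.
EXPECTED = re.compile(
    r"^db/(ser_(events|logins|sessions|users)\.php|standard-\d+/.+)$")

# The three folders the list above tells you to check.
FOLDERS = ("images", "pivotx/templates", "pivotx/db")


def modified_since(root, cutoff, folders=FOLDERS):
    """Return (expected, review): files under root modified after cutoff."""
    expected, review = [], []
    for folder in folders:
        for dirpath, _dirs, files in os.walk(os.path.join(root, folder)):
            for name in files:
                full = os.path.join(dirpath, name)
                mtime = datetime.fromtimestamp(os.path.getmtime(full))
                if mtime <= cutoff:
                    continue  # untouched since before the cutoff
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                key = rel[len("pivotx/"):] if rel.startswith("pivotx/") else rel
                # Login/post side effects go in one list, everything else
                # needs a manual look.
                (expected if EXPECTED.match(key) else review).append(rel)
    return sorted(expected), sorted(review)


if __name__ == "__main__":
    # Usage: python check_modified.py <downloaded-site-root> <YYYY-MM-DD>
    exp, rev = modified_since(sys.argv[1],
                              datetime.strptime(sys.argv[2], "%Y-%m-%d"))
    for path in rev:
        print("REVIEW  ", path)
    for path in exp:
        print("expected", path)
```

Files printed as REVIEW are the ones to compare against the "Check Integrity" report before deleting anything.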