Site hacked?

I’ve got a client with a website down:

There was a ton of content on here as you can see from the Wayback machine:

that disappears by November 2022

All of the add-ons are there but none are installed. All the files are in place but the system doesn’t recognize them.

It’s running the old version with PHP 5.6.

Has anyone seen this or know how this could have happened? Could the PHP version be at fault? Any information would be appreciated.


It almost looks like someone changed the theme with the content replace option or something. Can you confirm it wasn’t reinstalled, site is using the expected database, etc.

1 Like

Possibly a redirect setup to point to a sub-domain with a basic install of the elemental theme.

Looking at the source of the current page, it looks like the theme could have been switched to Elemental (it’s referenced in the head a couple of times), where the one on the Wayback Machine had a package called “fundamental” with a custom theme within. If you had custom page templates in that theme, your content could still be in there, but the default page templates may have no associations with it.

Is the “fundamental” package still in the add-ons list?