A client from US recently contacted us to fix his hacked Real Estate web site. He was using the free version of Open Real Estate script.

Here is the screenshot of the script. You can check the live demo here

I checked last modified files using filezila and found that many of the php and js files have hacker file like

@include "\x2fh\x6fm\x65/\x67o\x6fd\x70e\x6fp\x2fp\x75b\x6ci\x

Browser console also showing many errors.One page it is trying to load is 10.10.10.10/jquery.js

I just done the following steps to clean the website.

1. Changed passwords (FTP/MySQL) and script admin login

2. After taking the backup, fresh copy of script uploaded to public_html folder

3. Created new database and imported the sql from backup.

4. Updated Databse details /public_html/protected/config/db.php

After that when i check the site it was redirected to installation page.

So I compared the backup and fresh files and found that file already_install missing. Reuploaded it to /public_html/protected/runtime/already_install and site started to working.