Hi, I have made a few mistakes and done a few web server updates in Debian without confirming whether Nginx or Apache is required i.e. lay updates apt-get update && apt-get upgrade and just saying yes. The updates have likely run presuming that the server is an Nginx server instead of an Apache server. Now, I appear to have Nginx running instead of Apache and i'm getting a 403 error when visiting the website. Not sure of the exact date of the change. Is this something that I can change back? If so, how for a not so expert person! Thanks
See logfile Code: /var/log/dpkg.log for what has been installed and removed and when. Figure out what to remove to get back to the way you want. But just running apt-get upgrade does not install nginx or apache if you previously did not have them installed. So something strange happened.
Thanks for this - I run my web server on a dynamic IP and, when the IP **likely** changed, I had typed the new? IP address incorrectly and maybe the unintended recipient of the website access requests was running an nginx server. I have to update the IP addresses sometimes so it's a plausible error on my part. However, I have identified that one of my websites has been separately hacked and, coincidentally, the destination of the redirect is to an nginx server as well leading to me wondering whether the IP address had ever changed at all. I've been in touch with the Joomla security folk in their forum section but they don't really seem to have any instructions for nailing down where the dodgy redirect is coming from or whether there has been any SQL injection. Thanks again, any further thoughts, please do share. Stuck with a dynamic IP for the moment though so that bit is just par for the course!
The first paragraph I did not understand. The second chapter: try turning off javascript in your browser. That may stop the redirect from happening, if it was done with inserting javascript in the pages. Then you can read the source of the web page, and see what is there. When I had similar situation where website started redirecting to some malwaresite from every page, it was javascript that was inserted to 4000 pages in that site. I turned the website off, dumped database to text file, edited text file removing all the malicious javascripts (the script was identical on every instance) and restored the database from the edited dump.
