Investigating a Hacked `site_url` That Redirects the Entire Site Elsewhere

If `[(site_url)]` suddenly resolves to a чужий domain, treat it as a compromise investigation, not a simple configuration glitch.

When the public site suddenly redirects elsewhere because the base href no longer resolves to the expected domain, the key question is not only how do I change it back? but where was it changed?

Possible locations

database-stored configuration values
core configuration files
malicious runtime code that rewrites the value before output
server-side compromise beyond the CMS itself

If a site-wide value like site_url has been hijacked, assume compromise until proven otherwise. Restore the clean value, then audit both files and database for the original intrusion path.

Newer post

Working Productively with Very Large Document Trees in Evolution CMS

Practical strategies for keeping large Evolution CMS sites manageable when the resource tree becomes overwhelming.

Older post

Fixing the “Delete Locks” Tool After Moving a Site to Another Host

What to check when the manager lock-cleanup action stops responding after a site migration.