Hi!
We urgently need your guidance regarding a serious security incident.
At this point, four different websites have been compromised. These websites are hosted on different servers, so this does not appear to be related to a single hosting environment.
All affected websites are running the latest version of SP Page Builder. However, they are also using Helix3.
While investigating, we found the recent discussions in your forum regarding the Helix3 security vulnerability. We also noticed several recent reports from other users describing similar incidents, including the thread titled "Hacked By AntonKill", which suggests this may be part of a broader wave of attacks rather than isolated cases.
At the same time, we found multiple reports indicating that updating Helix3 has caused some websites to break or become inaccessible.
This leaves us in a very difficult situation:
- We are concerned about keeping the current Helix3 version installed.
- We are also concerned that updating Helix3 may cause our production websites to fail, based on the reports in your forum.
For the moment, we have temporarily redirected the affected domains to working copies hosted on another server while we investigate the incident.
Could you please advise us on the safest recovery procedure?
Specifically:
- Do you recommend restoring clean backups first and then updating Helix3?
- Is there a recommended update procedure to avoid breaking existing websites?
- Are there any additional cleanup steps that should be performed before applying the Helix3 security update?
- Are you aware of any compatibility issues with the current Helix3 update that administrators should consider before deploying it?
This issue is affecting multiple production websites, and we would greatly appreciate your official recommendation on the safest way to proceed.
Thank you very much for your assistance.
Best regards