Weird link

[bjits]

Hello,

I have found the following code at the bottom of the index.php of the CMS page
xxxxxxxxxxxxxxxxx
This line generated lot of links; below are the first three lines from 200 lines which got generated
xxxxxxxxxxxxxxxxx
Please advise if any of the cmsms module can add this kind of decode code.

Regards

[Rolf]

hi bjits

Your site has been hacked...

®

[bjits]

Hi,

I spoke to my hosting comany and they have said that there is two possibility

1) FTP password has been compromised
2) The version of the CMSMS is old and could be vulnerable to the CGI attacks

Now we have change the password of FTP but not sure whether it could be CGI attacks.

My question is whether CMSMS is vulnerable to any CGI attacks which can write a code directly into index.php at the bottom of the page.

Do I need to load the most recent version of CMSMS. Currently I am using Version 1.4

Please advise.

Kind regards.

[Rolf]

Hi,

If I recall correctly there hasn't been a report of a cmsms hacking since version 1.2.x and thats a while ago...

Althought your cmsms version is very old and you really need to upgrade, I don't think thats the problem here. Your site is most probably ftp-hacked.
There will be some non-cmsms files on your server. These scripts will place the unwanted stuff in your files.

You can put a clean back-up back on the server. But is is really clean...
The best way out, is to reïnstall cmsms on a blanc webserver with the excisting database.
Back-up files and database first of course!!! (good virusscanner enabled)

Later on put your images and other stuff (after checking) back on the server.
This is the only way to ensure the hacking can't start over again, and again...

There will be similar topics in the forum, with perhaps more info on this.

®

[fredp]

...
My question is whether CMSMS is vulnerable to any CGI attacks which can write a code directly into index.php at the bottom of the page.

Do I need to load the most recent version of CMSMS. Currently I am using Version 1.4

Please advise.

Hi,

When I have questions about CMSMS, I first search the forum and the wiki sites before posting.  I have often found answers to my questions there and that has saved me time.  For example, consider how long you waited for me to read this topic and reply, then compare that to the minute or two that it took me to search the forum and wiki sites and find these two links (among others):

  http://forum.cmsmadesimple.org/index.ph ... #msg143989
  http://wiki.cmsmadesimple.org/index.php ... mall_Guide

The forum and wiki sites have search facilities or one can use external search engines.  For example, you might try something like these google search terms for starters:
  site:cmsmadesimple.org support current version
  site:cmsmadesimple.org  howto secure cmsms

Hope this helps,
Fred