Hi there,

I've updated my sites to the latest version, 1.10.3 yet I'm getting repetitive security breaches - once hacked, this error message is displayed:


It's adding a bunch of malicious code on line 219, in the php tag, right after $smarty->_eval('?...

Screen shot attached.

I have no idea what all that is, but it don't look good! >:D

About 5 of my sites, on 3 different servers, have all had this hack a couple of times in the last few weeks... config and index have been set to chmod 644 - I try to set them to 444, but filezilla wont accept it - is there another way? Or is that not the issue?

Obviously putting the original index file back up fixes it, but I'd love to know how to prevent it. I update ftp and admin passwords regularly...

Anyone come across this or have any suggestions?

Thanks!

Please read this: viewtopic.php?p=276472#p276472

Rolf

_________________
Dutch CMSMS community website cmsms.nl and Wiki wiki.cmsms.nl
--------------------------
My CMSMS Tips and Tricks Weblog and website about Pneumatic Tube Systems / Rohrpost
My other (Dutch) website: Smakelijk eten zonder zout (Design: Compufairy)

Thanks Rolf!

It was nice of the hackers to comment their code.

Ha! I know...

It's organised crime that we're dealing with!

Hi,

Just wondering if anyone has come across this yet?

It's happened a few more times since.

Apart from upgrading is there anything else I should be doing?

Can the sever be hacked via the CMS admin? If users don't logout is it exposed? Is there a setting to enable sessions for the admin so if they don't logout the session will end?

Thanks.

If you have completely cleaned your sites... and some are still getting hacked, then the hack is probably coming from a file on your server either a file that exists on your site(s) placed there by a hacker.... or a site that exists on somebody elses site on the same host.

a: Clean your sites
b: Do system verification
- understand ALL of the errors, double check all of the files (even the images)
c: Tighten up all permissions
- Don't ask what permissions should be, they should be tight but the exact permission level depends on how the system is configured and the functionality you need.
d: Make a backup of everything (once it is clean)

if it happens again after you've cleaned up again, report it to your host or system administrator.

_________________
Follow me on twitter
--
if you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
----------------
Don't make me angry..... you won't like me when I'm angry....

Ok great - thanks for that will give it a go!

LOL

Yes, I seen it before. Like Calguy said, there is somewhere a file at your server that is changing your files.
So you aren't hacked *again*, but you are *still* hacked...

Rolf

_________________
Dutch CMSMS community website cmsms.nl and Wiki wiki.cmsms.nl
--------------------------
My CMSMS Tips and Tricks Weblog and website about Pneumatic Tube Systems / Rohrpost
My other (Dutch) website: Smakelijk eten zonder zout (Design: Compufairy)