[FIXED] Malware on CMSMS.org

klendino · Post by **klendino** » Sun Jan 22, 2012 4:59 pm

Since this morning I get a warning in Google Chrome:
Warning: Something's Not Right Here!
http://www.cmsmadesimple.org contains content from xxxxxxxxxxxx, a site known to distribute malware. Your computer might catch a virus if you visit this site.
Google has found malicious software may be installed onto your computer if you proceed. If you've visited this site in the past or you trust this site, it's possible that it has just recently been compromised by a hacker. You should not proceed, and perhaps try again tomorrow or go somewhere else.

RonnyK · Post by **RonnyK** » Sun Jan 22, 2012 5:30 pm

is fixed....

Ronny

krussell · Post by **krussell** » Wed Feb 08, 2012 1:13 am

I am currently getting the malware warning:

"Warning: Something's Not Right Here!
http://www.cmsmadesimple.org contains content from "google-analytics.su", a site known to distribute malware. Your computer might catch a virus if you visit this site.. "

Wishbone · Post by **Wishbone** » Wed Feb 08, 2012 2:44 am

I'm getting that as well.

jmcgin51 · Post by **jmcgin51** » Wed Feb 08, 2012 4:25 am

same here (2225hrs Central US time, 07FEB2012) Firefox reports forum.cmsmadesimple.org as an attack site.

calguy1000 · Post by **calguy1000** » Wed Feb 08, 2012 4:29 am

We're on it.

It seems we're the subject of targeted attacks.

We have fixed what they changed (numerous times).
We are just not sure how they are getting in. Some type of file upload vulnerability it seems.
We just haven't found which package and/or site that is on this server is vulnerable.

calguy1000 · Post by **calguy1000** » Wed Feb 08, 2012 4:36 am

I promise a full report when we find the solution to this.

If it's a vulnerability in CMSMS core:
- We'll fix it and spit out a new release.

If it's a vulnerability in an addon module:
- We'll find the bug and give the report to the author
(If it's one of my modules, there'll be a new release).

If it's a third party package
- We'll fix the bug and file a report, and let everybody here know.

oliver341 · Post by **oliver341** » Wed Feb 08, 2012 10:50 am

Looks serious.

Yesterday I couldn't download CMSMS, I kept being redirected to Bing or a weird hostname which didn't resolve (probably a malware url which has since been deleted).

Now, the download page is missing all of its download links:

http://www.cmsmadesimple.org/downloads/
http://i39.tinypic.com/2e1dkdk.png

Zafazo · Post by **Zafazo** » Wed Feb 08, 2012 8:17 pm

So has this been resolved?

It appears the download links have returned, I just don't want to download a vexed install of CMSMS.

Google doesn't appear to have visited the site since yesterday is why I am asking.

Much luck in resolving this issue.

baresi · Post by **baresi** » Thu Feb 09, 2012 12:30 am

Same question, are the downloads safe now?

calguy1000 · Post by **calguy1000** » Thu Feb 09, 2012 12:31 am

Yes, the errors are all resolved.

The downloads always were safe... the hacker was injecting some html into the page source to fug with our analytics js... that's all.

baresi · Post by **baresi** » Thu Feb 09, 2012 12:36 am

Thanks

CMS Made Simple Forums

[FIXED] Malware on CMSMS.org

[FIXED] Malware on CMSMS.org

Re: Malware on CMSMS.org

Re: [FIXED] Malware on CMSMS.org

Re: [FIXED] Malware on CMSMS.org

Re: [FIXED] Malware on CMSMS.org

Re: [FIXED] Malware on CMSMS.org

Re: [FIXED] Malware on CMSMS.org

Re: [FIXED] Malware on CMSMS.org

Re: [FIXED] Malware on CMSMS.org

Re: [FIXED] Malware on CMSMS.org

Re: [FIXED] Malware on CMSMS.org

Re: [FIXED] Malware on CMSMS.org