CMS Made Simple Forums

**Update We found the <? php $ cookey="."; preg_replace("."); ? ><?php in each config.php cmsms instance on our server. Cleaned the file and locked down permissions to 444 on that and index.php (post above mentioned similar issue with index.php) We also blocked inbound IPs that w...

Just checked config.php. found this before "#CMS Made Simple Configuration File" line.

<? php $ cookey="."; preg_replace("."); ? ><?php

is that supposed to there?

I'm not sure that I have a clean reference anywhere in my system if I've got malware.

Obviously, looking at where the bad file is would lead us to an CMSMS distro issue at first. We thought we'd nabbed it yesterday, but back today in the same place on one of the cmsms installs. It's back in this location: -rw-r--r-- 1 apache apache 155149 Jan 24 2015 ./cms***/admin/themes/OneEleven/p...

I downloaded directly from the downloads link on the CMSMS. I didn't run the signing, shame on me, won't do that again. :-) The package was downloaded to my Mac, then uploaded and decompressed on my hosting via the Webmin upload functionality on AWS. I still have the package locally if you want a co...

I installed cmsmadesimple-1.12-full.tar.gz on my server this weekend. There is a script in it that starts sending out spam, it started yesterday. From my system admin --- /var/www/html/cms_....../lib/lang/cms_selflink/ext/ was file stats72.php it's a encrypted script, unencrypted version stored in 7...