Hacking via SQL injection

Rolf · Post by **Rolf** » Sun Apr 26, 2015 3:26 pm

And why does that coder think that? Based on what?

burlington · Post by **burlington** » Mon Apr 27, 2015 8:54 am

Rolf wrote:And why does that coder think that? Based on what?

I have no idea! He uses CMSMS and can also write in php, which is more than I can!

Rolf · Post by **Rolf** » Mon Apr 27, 2015 9:03 am

Than we can't do a thing...

burlington · Post by **burlington** » Mon Apr 27, 2015 9:22 am

Rolf wrote:Than we can't do a thing...

Point taken. I will ask him to give us chapter & verse.

janvl · Post by **janvl** » Mon Apr 27, 2015 4:13 pm

Hi,

I have quite some experience with sites that run CMSMS and I do not know of sites that were hacked with a SQL-injection.

When you
- keep the site uptodate
- follow the guidelines for a secure site
- have a hoster that has good security-policies

then CMSMS is pretty secure.

Much better then Wordpress, better then Joomla (I had 1 install hacked), in short better then most.

My guess of what you have written is a problem with the hoster, or your own install where permissions were not set strict enough.

Did you also check if PHPMyAdmin was hacked? Some people just forget things like that.

Kind regards,
Jan

burlington · Post by **burlington** » Mon Apr 27, 2015 4:30 pm

This hacker targeted 2 sites that are related, in the sense that they are about the same person's business. Same host, different accounts. Same hacker methodology. Changes user's email address, uses lost password facility, and then gets in to the CMS.
The passwords used for both the host and the CMS are 'high security'. 10-12 digit. Alpha numeric.
I can't see anything else.

janvl · Post by **janvl** » Mon Apr 27, 2015 5:27 pm

You did not by accident leave in the news the name instead of the author-name? Because this is a weak spot.

Did you check your local PC? Maybe a keylogger or bot or so?

Regards,
Jan

burlington · Post by **burlington** » Mon Apr 27, 2015 5:50 pm

janvl wrote:You did not by accident leave in the news the name instead of the author-name? Because this is a weak spot.
Jan- not too sure I understand this

Did you check your local PC? Maybe a keylogger or bot or so?

- yes. Full protection. In any case for one of the hacked sites I have not been near it for a couple of years and neither has the site owner.

staartmees · Post by **staartmees** » Mon Apr 27, 2015 7:02 pm

If you haven't been near one of those sites for years, it was running on an old and unsafe core and modules.

Dr.CSS · Post by **Dr.CSS** » Mon Apr 27, 2015 10:10 pm

Is it on a shared host that might have a WP install on it or some other vulnerable system, if the sites have been upgraded to the latest CMSMS and the modules are all up to date there is a chance that another site has let someone into the server...

janvl · Post by **janvl** » Sat May 02, 2015 3:59 pm

"weak spot"

In the summarytemplate

$entry->author

should be

$entry->authorname

then $entry->author reveils the name of the CMSMS user that can login

Kind regards,
Jan

burlington · Post by **burlington** » Sat May 02, 2015 4:55 pm

Thank you. Very helpful.

Martin

CMS Made Simple Forums

Hacking via SQL injection

Re: Hacking via SQL injection

Re: Hacking via SQL injection

Re: Hacking via SQL injection

Re: Hacking via SQL injection

Re: Hacking via SQL injection

Re: Hacking via SQL injection

Re: Hacking via SQL injection

Re: Hacking via SQL injection

Re: Hacking via SQL injection

Re: Hacking via SQL injection

Re: Hacking via SQL injection

Re: Hacking via SQL injection