My post was removed or didn't make it or? so sorry for the dup.
My site PBATS.com was hacked today
Running: Version 1.2.4 “Greenland”
Files added
PLUGINS DIR: modifier.getme.php
UPLOADS DIR: index.php
Result
When browsing to the site you get an apache user pass prompt
Solution
Remove files
Any other advise would be great.
Shane
Been Hacked!!!!
-
calguy1000
- Support Guru
- Posts: 8169
- Joined: Tue Oct 19, 2004 6:44 pm
Re: Been Hacked!!!!
this is a known issue.
1. Remove all files
2. Clear the database
3. Restore completely from a known good backup
4. Upgradeo to CMS 1.2.5
5. Change all CMS passwords.
1. Remove all files
2. Clear the database
3. Restore completely from a known good backup
4. Upgradeo to CMS 1.2.5
5. Change all CMS passwords.
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Re: Been Hacked!!!!
Thanks CalGuy.
Does anything get added to the database? or is backing up a precaution? I didn't respond to the prompt or access the admin.
Shane
Does anything get added to the database? or is backing up a precaution? I didn't respond to the prompt or access the admin.
Shane
-
calguy1000
- Support Guru
- Posts: 8169
- Joined: Tue Oct 19, 2004 6:44 pm
Re: Been Hacked!!!!
this hack has been seen in many different ways
and you can never be sure what files were uploaded, or modified, or if they have a copy of your password table, or what
so you need to nuke everything and restore from backup.
and you can never be sure what files were uploaded, or modified, or if they have a copy of your password table, or what
so you need to nuke everything and restore from backup.
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
-
styson
Re: Been Hacked!!!!
My hosting provider got hacked through one of my CMSms 1.2.3 sites. They rootkitted the server then proceeded to saturate all his outbound bandwidth with either spam or a DOS attach. This was 8 days after 1.2.5 was released. What a mess. All 18 sites have been patched to 1.2.5 and I'm now on the bugtrack@securityfocus.com mailing list now to watch for any new exploits.
-
Gasoline
Re: Been Hacked!!!!
FOR THE SECOND TIME IN A COUPLE OF MONTHS MY SITE IS HACKED. AND I ALWAYS USE LATEST VERSIONS. AGAIN TROUBLES AND A LOT OF WORK.
I WILL COMPLETLY REMOVE THE INSTALL OF CMSMADESIMPLE AND NEVER USE THIS PRODUCT AGAIN. I HAVE HAD TO MANY ISSUES WITH THIS SOFTWARE. BECAUSE I RUN MY OWN SERVER THIS IS POTENTIALY VERY DANGEROUS FOR ALL MY OTHER CLIENTS THAT RUN THEIR SITES ON THIS SERVER. IT COULD KILL MY BUSINESS !!
I WILL COMPLETLY REMOVE THE INSTALL OF CMSMADESIMPLE AND NEVER USE THIS PRODUCT AGAIN. I HAVE HAD TO MANY ISSUES WITH THIS SOFTWARE. BECAUSE I RUN MY OWN SERVER THIS IS POTENTIALY VERY DANGEROUS FOR ALL MY OTHER CLIENTS THAT RUN THEIR SITES ON THIS SERVER. IT COULD KILL MY BUSINESS !!
-
Signex
Re: Been Hacked!!!!
If you run your own server maybe you should look at that direction instead of blaming CMSMS.
Yes security issues happen with CMSMS, just like with every other software product, but when you use latest versions, and take decent server wide security measures you are pretty save, so theres no reason blaming cmsms.
Yes security issues happen with CMSMS, just like with every other software product, but when you use latest versions, and take decent server wide security measures you are pretty save, so theres no reason blaming cmsms.
Re: Been Hacked!!!!
CMS Made Simple is one of the fastest CMS'es out there to provide patches when a security hole is found!
Administrators of the sites should realy consider to subscribe to the announcement list to get fast notices of new versions and security fixes. Link to the mailing lists here:
http://www.cmsmadesimple.org/support/mailing-lists
Administrators of the sites should realy consider to subscribe to the announcement list to get fast notices of new versions and security fixes. Link to the mailing lists here:
http://www.cmsmadesimple.org/support/mailing-lists
Last edited by reneh on Sun Jun 01, 2008 12:46 pm, edited 1 time in total.
ReneH 
A search will save you hours waiting for an answer!
A search will save you hours waiting for an answer!
-
styson
Re: Been Hacked!!!!
Done! I totally spaced on the announce mailing list.reneh wrote: CMS Made Simple is one of the fastest CMS'es out there to provide patches when a security hole is found!
Administrators of the sites should realy consider to subscribe to the announcement list to get fast notices of new versions and security fixes. Link to the mailing lists here:
http://www.cmsmadesimple.org/support/mailing-lists
Thanks for the reminder. 