<! sites hacked by malware

[mikemcvey]

Hi,

I have just had 3 sites hacked by malware.

It has inserted malicious iFrames and code into 2 files (bottom of index.php & top of includes.php).
My local version of the sites is OK.. so how did the code get in?
I have all my permissions set at 644.....

Any ideas how to stop it happening again?

Mike

[Augustas]

Which version of CMSMS are you running?
If older than 1.2.5 then upgrade your CMSMS immidiately and also read here:

http://forum.cmsmadesimple.org/index.ph ... 09186.html

[mikemcvey]

Thanks for the info...

I was running...
1.2 Barbados

Will upgrade ASAP.... do I really need to delete the database?
Quite a few edits since last backup so prefer not too...

Mike

[Dr.CSS]

You may try to just delete all FILES/FOLDERS then replace all files/folders from the original 1.2 and add any files/folders you may have added since first install and it should be good to go, but go thru whole site to make sure, then do an upgrade ASAP...

[Augustas]

Would be recommendable to delete DB and overwrite with database backup as well.
2 months ago my 1.2.4 CMSMS site was hacked as well. I did carefull search of any changes made by hackers and I found nothing in the database. But who knows if your hack was the same like mine (probably not).

You might want look through your database and and if you see nothing suspisious, you might keep it.
You could use Winmerge program for looking for the differences between dump of you current Mysql and last DB backup.
But overerite ALL folders and files from the scratch, and change all the passwords (including MySQL logins).