My site was banned by Google, saying it “may harm your computer.” Google identified xxxxxxxxxxxx malicious software that would infect users from my site. With assistance from my host provider they spotted some java code in index.php they thought looked suspicious. A snippet of the code follows, with the require_once line appearing at about line 70 of index.php. Perhaps you can tell if the line beginning with echo is suspicious or not.
If this code is not meant to be there, how do you think it could possibly have got into the code?
Does this mean that someone logged into the back end of my site and manually edited the file?
No one should be aware of my user code and password but me. How could this come about?
And, how can I monitor whether the code has changed without my knowledge? It’s kind of difficult if you don’t know where to look and what to look for.
Ron
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Banned by Google
-
sayitlikeitis
- Forum Members
- Posts: 45
- Joined: Tue Nov 28, 2006 7:46 pm
Banned by Google
Last edited by Rolf on Fri Sep 21, 2012 12:51 pm, edited 2 times in total.
Reason: Removed hacked code and links
Reason: Removed hacked code and links
-
Zoorlat
Re: Banned by Google
Sounds like your site has been hacked 
Which version of CMSMS do you have installed? (You can search this forum for more info about the security problems with versions before 1.3.)
Best
/Z
Which version of CMSMS do you have installed? (You can search this forum for more info about the security problems with versions before 1.3.)
Best
/Z
-
sayitlikeitis
- Forum Members
- Posts: 45
- Joined: Tue Nov 28, 2006 7:46 pm
Re: Banned by Google
I'm on v1.2 Barbados.
How do they get in and alter code?
What's the best way to monitor things?
How do they get in and alter code?
What's the best way to monitor things?
-
Zoorlat
Re: Banned by Google
As I understand it, they got in through old versions of filemanager. If you want to know more, read this post: http://forum.cmsmadesimple.org/index.php/topic,21759.0.html
The only way to safely get rid of the infection is to do a compleat re-install. By that I mean destroy everything - files, databases etc. Then install a fresh version of cmsms, and load the content from a known to be safe database back-up (I hope you have got one!). Depending on the size of your site, you can of course copy the text from your infected site first, and then paste that into the clean site. But make sure to not put back anything that might be infected (ie any non plain text content).
Also, make sure to change all the passwords, to your database as well as to your admin-accounts.
For more details, read this:http://forum.cmsmadesimple.org/index.php/topic,22516.msg109186.html#msg109186
The only way to safely get rid of the infection is to do a compleat re-install. By that I mean destroy everything - files, databases etc. Then install a fresh version of cmsms, and load the content from a known to be safe database back-up (I hope you have got one!). Depending on the size of your site, you can of course copy the text from your infected site first, and then paste that into the clean site. But make sure to not put back anything that might be infected (ie any non plain text content).
Also, make sure to change all the passwords, to your database as well as to your admin-accounts.
For more details, read this:http://forum.cmsmadesimple.org/index.php/topic,22516.msg109186.html#msg109186
-
Pierre M.
Re: Banned by Google
Saying it like it is : you are shooting yourself in the foot.sayitlikeitis wrote: I'm on v1.2 Barbados.
Always use the latest official stable version (1.4 today). Because blah blah and security fixes.
Pierre M.
