Please Help: Site was hacked, can't get back online

For questions and problems with the CMS core. This board is NOT for any 3rd party modules, addons, PHP scripts or anything NOT distributed with the CMS made simple package itself.
mlbwebdesign
New Member
Posts: 3
Joined: Thu Dec 13, 2007 10:04 pm

Please Help: Site was hacked, can't get back online

Post by mlbwebdesign »

Hello-
I am running CMSMS 1.2 using PHP 4.4.9 and MySQL 5.0.67 all running on Linux. More info: http://areteproducts.com/check.php

My server was hacked and someone added a bunch of code to several of the .php files that caused multiple sites to stop working. This affected 20+ sites including other applications such as Wordpress, Zen Photo and others. I removed the CRAP code on all the files affected, then replaced the bad files with the good ones on the server via FTP. That fixed all of the Wordpress and Zen Photo sites, but I can't get my CMSMS sites back online with the same solution.

One of the CMSMS sites affected is: www.areteproducts.com
There were 10 files affected by the hack:
adodb.functions.php
adodb.inc.php
config.php
config.functions.php
content.functions.php
index.php
misc.functions.php
module.functions.php
page.functions.php
translation.functions.php

When infected, they each gave this fatal error:
Fatal error: Call to undefined function: get_encoding() in /homepages/29/d116508282/htdocs/advanced/index.php on line 1

I have removed all of the bad code on these files and uploaded the clean versions, but all I get is a blank screen and I can't figure out why. I thought perhaps the hacker possibly deleted a file from the server that I just don't see. I'm not sure. Please help me get the site back online!

I am happy to send someone the files or FTP access to assist.

Thank you in advance for your help!

I don't think it's necessary but here is the CRAP code that was placed on line 1 of my php files by the hacker:

No need to show the code...
Last edited by Anonymous on Wed Apr 01, 2009 6:28 am, edited 1 time in total.
jmcgin51
Power Poster
Posts: 1899
Joined: Mon Jun 12, 2006 9:02 pm

Re: Please Help: Site was hacked, can't get back online

Post by jmcgin51 »

Do you have a clean database backup?  If you do, wipe your existing installation and reinstall a clean version of 1.2 (available in the Downloads section on this site), then restore from the clean db backup.

THEN UPDATE TO 1.5.3 ASAP

Once the update is complete and everything is working again, remember to make another clean backup of your files and db.
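
Added example, not part of the original thread: before wiping, one way to see what the intrusion changed is to compare the live site against an unpacked clean copy of the same release. The Python code below reports files that are missing (the original poster suspected a deleted file), unexpected, or modified, and flags modifications confined to line 1; the directory layout, file contents and marker string in `demo()` are constructed for illustration.

```python
import os
import tempfile

def read_tree(root):
    """Map relative path -> file bytes for every file under root."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                files[os.path.relpath(full, root)] = fh.read()
    return files

def line1_injection(clean, live):
    """True if live is clean with bytes prepended, or differs on line 1 only."""
    cl, ll = clean.splitlines(), live.splitlines()
    return live.endswith(clean) or (cl[:1] != ll[:1] and cl[1:] == ll[1:])

def compare_trees(clean_root, live_root):
    """Report files missing from, added to, or changed in the live tree."""
    clean, live = read_tree(clean_root), read_tree(live_root)
    report = {"missing": sorted(set(clean) - set(live)),
              "extra": sorted(set(live) - set(clean)),
              "modified": [], "line1_injection": []}
    for rel in sorted(set(clean) & set(live)):
        if clean[rel] != live[rel]:
            report["modified"].append(rel)
            if line1_injection(clean[rel], live[rel]):
                report["line1_injection"].append(rel)
    return report

def demo():
    """Compare two small constructed trees (not real CMSMS files)."""
    marker = b"<?php /* CONSTRUCTED-INJECTED-MARKER */ ?>"
    clean_files = {"index.php": b"<?php\necho 'home';\n",
                   "misc.functions.php": b"<?php\nfunction f() {}\n",
                   "page.functions.php": b"<?php\nfunction g() {}\n"}
    live_files = {"index.php": marker + clean_files["index.php"],
                  "misc.functions.php": clean_files["misc.functions.php"],
                  "extra.php": b"<?php // constructed unexpected file\n"}
    with tempfile.TemporaryDirectory() as tmp:
        for sub, files in (("clean", clean_files), ("live", live_files)):
            os.makedirs(os.path.join(tmp, sub))
            for name, data in files.items():
                with open(os.path.join(tmp, sub, name), "wb") as fh:
                    fh.write(data)
        return compare_trees(os.path.join(tmp, "clean"), os.path.join(tmp, "live"))

if __name__ == "__main__":
    print(demo())
```

On a real installation, site-specific files such as config.php and uploaded images are expected to appear as modified or extra, so those entries need a manual look rather than automatic replacement.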
mlbwebdesign
New Member
Posts: 3
Joined: Thu Dec 13, 2007 10:04 pm

Re: Please Help: Site was hacked, can't get back online

Post by mlbwebdesign »

Thanks for the suggestion. I was hoping not to have to do a complete restart.

- Are there any online guides for how to download my database, then restore the site?

- What will I lose if I completely restart? Will I lose my customizations and files? (logos, product images, pdfs, etc)

Thanks again for the quick response.
Last edited by mlbwebdesign on Thu Mar 26, 2009 11:07 pm, edited 1 time in total.
nuno

Re: Please Help: Site was hacked, can't get back online

Post by nuno »

Just my modest opinion: if your server was hacked and you have good backups, then, if it were me, I would format the server (HDD disk); you are no longer safe right now!
Dr.CSS
Moderator
Posts: 12711
Joined: Thu Mar 09, 2006 5:32 am

Re: Please Help: Site was hacked, can't get back online

Post by Dr.CSS »

Most good hosts will have a semi-recent DB backup; the only things in the folders/files you need are any files you may have added, like images etc.; all modules can be backed up and reloaded...
Pierre M.

Re: Please Help: Site was hacked, can't get back online

Post by Pierre M. »

Hello,
mlbwebdesign wrote: I am running CMSMS 1.2 (...)
My server was hacked (...)
There were 10 files affected by the hack:
adodb.functions.php adodb.inc.php config.php config.functions.php content.functions.php index.php misc.functions.php module.functions.php page.functions.php translation.functions.php
Running CMSms v1.2 with direct web access in 2009 is asking for trouble.
From http://wiki.cmsmadesimple.org/index.php ... mall_Guide
"Always keep your system up to date".

New CMSms versions fix security holes. Not upgrading CMSms is leaving a known access open for all crapbots.

As Mark has said, a good hosting provider makes at least weekly (or 10 days rotating) backups. Hence when you discover something you can go back some days for a sane version, analyse the HTTP logs for the crack, and harden your setup accordingly by adding a filtering rule.

BTW I expose CMSms directly to the web only when needed. Otherwise I expose only static exports generated by wget.

Pierre M.
nuno

Re: Please Help: Site was hacked, can't get back online

Post by nuno »

Pierre M. wrote: As Mark has said, a good hosting provider makes at least weekly (or 10 days rotating) backups. Hence when you discover something you can go back some days for a sane version, analyse the HTTP logs for the crack, and harden your setup accordingly by adding a filtering rule.
Again, when the server is hacked you never know when this happened, so the best practice is to format the server HDD and restore the backup sites; all server config may be compromised!