CMSMS 1.8 Security Issue in index.php

[Chrysogonus]

I've been using CMSMS for a few years now without any issue; it's a wonderful piece of software. Recently, though, I've run into the odd situation of someone injecting code into our index.php file. When I discovered this, I upgraded from 1.7.1 to 1.8 and applied the applicable settings from the security guide on this forum, but it happened again today. When this occurs, the site does not come up at all; rather, I get the following error message:

Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in /home/stjudes/stjudesbrantford.com/index.php on line 51

I'm only glad that this is something that is quite obvious when it occurs. Replacing the index.php file with a fresh copy fixes this, but I can't understand how this is happening in the first place. I have attached a copy of the infected index.php file. Would someone mind taking a look at this? Many thanks in advance.

[calguy1000]

code injection attacks like this can come in from a number of ways

a) a weakness in the CMS
b) a weakness in another script you are using
c) on improperly configured shared hosts, a weakness in a script/CPS used by SOMEBODY ELSE on your server.

You would need to identify exactly HOW those changes were made to your .php file.