http://www.treeoflifelcms.org
Using CMS Made Simple 1.11.10 Site got hacked. The following pages were modified by the hacker.
\index.php
\admin\footer.php
\admin\header.php
\admin\index.php
\admin\login.php
\admin\themes\ncleargrey\login.php \admin\themes\oneeleven\login.php \modules\cmsprinting\action.default.php \modules\menumanager\action.default.php \modules\menumanager\action.setdefault.php
\modules\microtiny\action.default.php
\modules\news\action.default.php
\modules\search\action.default.php
The following code was injected into those pages:
XXXXXXXXXX
Please help me figure out how to stop the hacking. The site is getting hacked about every week. I delete the whole site and re-download a fresh copy of CMS Made Simple 1.11.10
1.11.10 Site got hacked - code injected
-
amandamaddox3
- New Member
- Posts: 3
- Joined: Tue Apr 29, 2014 1:43 am
1.11.10 Site got hacked - code injected
Last edited by Rolf on Tue Apr 29, 2014 6:23 am, edited 1 time in total.
Reason: please do not post hacked code
Reason: please do not post hacked code
-
chandra
Re: 1.11.10 Site got hacked - code injected
It seems the hacker know very accurate what he have to do to point you.
To the first you should change ALL passwords (CMSMS backend, database, FTP, host). Then you should check the file permission of named files. They should be read and execute but NOT written.
After that you should make a look to the logs on your host and see where the attack come from.
To the first you should change ALL passwords (CMSMS backend, database, FTP, host). Then you should check the file permission of named files. They should be read and execute but NOT written.
After that you should make a look to the logs on your host and see where the attack come from.
-
amandamaddox3
- New Member
- Posts: 3
- Joined: Tue Apr 29, 2014 1:43 am
Re: 1.11.10 Site got hacked - code injected
Chandra,
The last time I downloaded the CMS Made Simple 1.11.10 code I changed the php files mentioned set to 0644. I had not done that in the past.
So far so good.
I also noticed that the .js files in the "lib" folder had been modified. What permission level do .js files need to be set?
The last time I downloaded the CMS Made Simple 1.11.10 code I changed the php files mentioned set to 0644. I had not done that in the past.
So far so good.
I also noticed that the .js files in the "lib" folder had been modified. What permission level do .js files need to be set?
Re: 1.11.10 Site got hacked - code injected
If this is a weekly thing I would think it was a compromised shared server with some other system like WP installed on the server that is letting the hacker in so it can screw with all sites on it...
-
amandamaddox3
- New Member
- Posts: 3
- Joined: Tue Apr 29, 2014 1:43 am
Re: 1.11.10 Site got hacked - code injected
Dr.CSS,
I actually had thought the same thing. Contacted the Server Admin. They told me there are about 160 other sites on that same server and none are having issues.
Just mine. So far so good. The site has not been hacked since the permissions changed on the above files.
I actually had thought the same thing. Contacted the Server Admin. They told me there are about 160 other sites on that same server and none are having issues.
Just mine. So far so good. The site has not been hacked since the permissions changed on the above files.
Re: 1.11.10 Site got hacked - code injected
The hacker probably added a script/file to your server and change your files again (and again...)
- + - + - + - + - + - + -
LATEST TUTORIAL AT CMS CAN BE SIMPLE:
Migrating Company Directory module to LISE
Migrating Company Directory module to LISE
- + - + - + - + - + - + -
-
milehigh
Re: 1.11.10 Site got hacked - code injected
Make sure whatever PC's you've accessed the site via FTP are not infected. Change all your FTP passwords and thoroughly scan your PC. Make sure you're not letting your FTP client store the passwords either, some store them as plain text.
