For questions and problems with the CMS core. This board is NOT for any 3rd party modules, addons, PHP scripts or anything NOT distributed with the CMS made simple package itself.
That code is not part of the official release. It's a possible infection.
* note: pasting those code snippets is not allowed as they are signatures by which viruses can be identified and may blacklist the forum.
"There are 10 types of people in this world, those who understand binary... and those who don't."
* by the way: English is NOT my native language (sorry for any mistakes...).
Code of Conduct | CMSMS Docs | Help Support CMSMS | My developer Page on the Forge
GeekMoot 2015 in Ghent, Belgium: I was there! GeekMoot 2016 in Leicester, UK: I was there! DevMoot 2023 in Cynwyd, Wales: I was there!
Ok, thanks. Well, after so many years with CMSMS, I have never seen a hacked site. Is it possible to change index.php through CMSMS itself? Or only by hacking FTP?
There are even a few topics about steps to recover from possible hacks.
Keep in mind that CMSMS is not the weak link in all of the occurrences I know of.
Well, one of your team thinks it's originally a WordPress virus. I would be very surprised if the problem was CMSMS, because I always take the recommended security measures, setting the most limited FTP permissions on files, renaming the admin folder and so on.
If you found strange code in your index.php you can remove it and replace it with a fresh one from the tar.gz of the same cmsms version, unpack and upload to site...
thomahawk wrote: Well, one of your team thinks it's originally a WordPress virus.
Most possibly. And sorry for my previous quite cryptic post...
Okay, it seems somehow there was a WordPress installation running on that hosting, or however, a WordPress virus got in or was there and infected PHP files of the same name and location as they would be in a WordPress installation. This happened not just now, but about a year ago on first CMSMS install. About 11 PHP files were infected. Not a serious virus, just data collection as it seems, and the collector's server is not active anymore.
However, we used that for making an upgrade of CMSMS and getting rid of the infected files. Could have been done manually too on those 11 files. Hope that bugger does not come back again.
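
The comparison against a fresh copy of the same CMSMS version, suggested earlier in the thread for index.php, can be run over every PHP file at once. The script below is an added example, not part of the original posts or of CMSMS; the function names and the sample trees are constructed for illustration, and it assumes the release tar.gz has already been unpacked locally next to a downloaded copy of the site.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256(path: Path) -> str:
    """Hex SHA-256 of a file's contents."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def compare_to_release(release_dir, site_dir, pattern="*.php"):
    """Compare the site's PHP files with an unpacked release of the same version.

    modified   - shipped by the release, but the content differs on the site
    unexpected - present on the site, never shipped by the release
    missing    - shipped by the release, absent from the site
    """
    release, site = Path(release_dir), Path(site_dir)
    shipped = {p.relative_to(release) for p in release.rglob(pattern) if p.is_file()}
    live = {p.relative_to(site) for p in site.rglob(pattern) if p.is_file()}
    modified = [rel.as_posix() for rel in sorted(shipped & live)
                if sha256(release / rel) != sha256(site / rel)]
    return {
        "modified": modified,
        "unexpected": sorted(rel.as_posix() for rel in live - shipped),
        "missing": sorted(rel.as_posix() for rel in shipped - live),
    }


def demo():
    """Constructed sample: a clean release tree and a tampered copy of it."""
    with tempfile.TemporaryDirectory() as tmp:
        release, site = Path(tmp, "release"), Path(tmp, "site")
        for root in (release, site):
            (root / "lib").mkdir(parents=True)
            (root / "index.php").write_text("<?php // clean entry point\n")
            (root / "lib" / "misc.php").write_text("<?php // clean helper\n")
        # Constructed tampering: extra content appended to a shipped file,
        # plus a file with a WordPress-style name the release never contained.
        with (site / "index.php").open("a") as fh:
            fh.write("// line that is not in the release\n")
        (site / "wp-load.php").write_text("<?php // not part of the release\n")
        return compare_to_release(release, site)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Files created at install time or added by third-party modules will be listed as unexpected and need a manual look. If the admin folder was renamed, its files appear as both missing and unexpected unless the unpacked release folder is renamed to match first.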