CMS has been hacked

[devilslayer]

My index.php file has been hacked somehow.
See below (line 53-68):

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I also had this happen to another website that doesn't use CMS Made Simple. I had exactly the same IFRAME inserted within the static HTML homepage of the website.

;http://www.royalengineersforums.co.uk

I have deleted the other website and put up a message explaining why.

How is this person (xxxxxxxxxx) managing to change files on my web server.

I need to know what is happening here, so I can tie down the security to stop it.

[ID2020]

Where you using the same passwords for both sites perhaps?

Or used it on the site somewhere?

[Signex]

is it on shared hosting?

[devilslayer]

is it on shared hosting?

It is a reseller account, so I suppose the answer is yes.

Are you saying that this individual has access to my web server?

[mager]

Quick answer: yes!

Though I don't know if he came through CMSMS, trough the filesystem or through MYSQL.

I'd change all passwords right now.

Martin

[devilslayer]

Quick answer: yes!

Though I don't know if he came through CMSMS, trough the filesystem or through MYSQL.

I'd change all passwords right now.

Martin

How do I reinstate the website? Could I grab a clean index.php file from the default install and replace the hacked one with it?

[reneh]

I have seen and experienced taht type of hack myself. That time it was trough the filesystem (ftp or something).


To be sure that all files are clean - upload all files for that version again.

"> if one file is hacked there is no trusting on the rest either"

Good luck!


NB!
Be sure to runn the latest stabel version of CMSMS!  Security holdes are found in older versions and these are closed in v1.1+