Hi,
I had 2 of my CMSMS sites hacked over the past 2 days and was hoping someone might give me a clue as to how to make it more secure. The first was a complete breach with pages changed and erased, the second was just the config.php being overwritten.
I am not new to creating and maintaining websites but I am new to CMSMS. My hosting service does list cms as being a potential security risk and doesn't recommend their customers to use this type of system.
I on the other hand like the way it works and wish to continue. Unfortunately I cannot risk a hacker putting dodgy material on my cms sites as some are school websites and others are ecommerce so in the end I may have no choice so I can maintain customer confidence.
The passwords were totally random and changing chmod just renders the cms unusable.
I would really appreciate some ideas please.
Cheers
cmsms hacked twice in 2days
Re: cmsms hacked twice in 2days
which version?
anything interesting in logs?
any other applications installed with same user rights?
-
crackmedia
Re: cmsms hacked twice in 2days
My apologies for the lack of info.
Version 1.0.8
No other apps installed with the same user rights, username or passwords.
Due to the nature of the problem on the first I just deleted the whole domain and reinstalled CMSMS clean and mysql db from a clean back up.
I never checked the logs (doh!!)
The other site is still in dev and I haven't touched it yet, so may have some info later.
-
Pierre M.
Re: cmsms hacked twice in 2days
Hello,
if you don't look at the logs, you won't be able to know how the intruder has come into your CMSms installation and you won't be able to prevent him/her from redoing it.
You should run only the last stable version (1.1+) not old 1.0.8. It is too easy for an intruder to use a well known breach of 1.0.x.
Are you the only admin of the system? Could you or somebody else with access have a spyware key logger on his/her local computer?
If you are paranoid about security, you may like to build your site with CMSms offline and to publish online only a static snapshot made with wget or webhttrack.
"My hosting service does list cms as being a potential security risk and doesn't recommend their customers to use this type of system."
Does the hosting provider mean CMSms or any CMS? If CMSms, why? (this would help to harden it)
Pierre M.
-
crackmedia
Re: cmsms hacked twice in 2days
Thanks for the input.
not cmsms but cms generally.
I shall upgrade and see what happens. It is possible there may be spyware on my pc but nothing shows up.
cheers.
Re: cmsms hacked twice in 2days
Do you know if other sites on the host were hacked? It is possible that your site was compromised by a hacker getting privileged access through another site on the host computer.
Nullig
-
cyberman
Re: cmsms hacked twice in 2days
crackmedia wrote: "The first was a complete breach with pages changed and erased,"
Have you tried to protect access to admin folder with a separate .htaccess?
"the second was just the config.php being overwritten."
Was the permission of config.php set to 444?
-
crackmedia
Re: cmsms hacked twice in 2days
It is possible that access was gained from another host as I am currently using shared space for my sites, but only the 2 cmsms sites were touched, all others including wordpress sites were left alone.
I will be protecting the admin using .htaccess/.htpasswd from now on.
I have upgraded to 1.1.x and have a new problem. The user details entered and sent via email do not work when trying to sign into the admin area. I will do a search and post if it remains a problem.
Thanks
-
kazkas
Re: cmsms hacked twice in 2days
The same was with one of my websites. The problem was with server setup: any of the shared hosting server users could write into tmp and upload dirs, because the only way to run CMS MS was to chmod them to 0777. Btw, question about config.php - if you chmod it to 0444, wouldn't it be possible for others on the same server to create a simple PHP file to read config.php? That would give them the database login details.
-
faglork
Re: cmsms hacked twice in 2days
kazkas wrote: "Btw, question about config.php - if you chmod it to 0444, wouldn't it be possible for others on the same server to create a simple PHP file to read config.php? That would give them the database login details."
AFAIK not as long as safemode is on.
Cheers,
Alex
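
The permission questions raised in the last posts (config.php at 444, tmp and upload dirs at 0777, other accounts on the same server), as an added example that is not part of the original thread: a shell audit of a web root that reports what other local accounts can do to config.php and which paths they can write to. It runs against a constructed directory tree; the directory names (`tmp`, `uploads`, `admin`) and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Audits a CMS web root on a shared host.

# Succeeds if path $1 has every permission bit of octal mask $2 set.
has_bits() {
    [ -n "$(find "$1" -prune -perm "-$2" -print)" ]
}

# List files and directories under $1 that any local account can write to
# (the "other" write bit, as set by chmod 0777 or 0666).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Classify $1/config.php by what other local accounts can do to it.
config_status() {
    local dir="$1" cfg="$1/config.php"
    [ -f "$cfg" ] || { echo "missing"; return 0; }
    if has_bits "$cfg" 0002; then
        echo "world-writable"
    elif has_bits "$dir" 0002 && ! has_bits "$dir" 1000; then
        # Replacing a file needs write access to its directory, not to the
        # file itself, so 0444 on config.php does not prevent it.
        echo "replaceable"
    elif has_bits "$cfg" 0004; then
        echo "world-readable"   # 0444: no write bits, but anyone can read it
    else
        echo "private"
    fi
}

# Build a constructed web root: $1 = mode of the root, $2 = mode of config.php.
make_demo_root() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/tmp/cache" "$root/uploads" "$root/admin"
    echo '<?php /* constructed placeholder */' > "$root/config.php"
    chmod 0777 "$root/tmp" "$root/tmp/cache" "$root/uploads"
    chmod 0755 "$root/admin"
    chmod "$2" "$root/config.php"
    chmod "$1" "$root"
    echo "$root"
}

root=$(make_demo_root 0755 0444)
echo "config.php: $(config_status "$root")"
world_writable "$root" | sed "s|^$root|  <webroot>|"
rm -rf "$root"
```

PHP's safe_mode, mentioned in the last reply, was deprecated in PHP 5.3 and removed in PHP 5.4, so on current PHP versions it is the file and directory modes checked above that matter.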

