cmsms hacked twice in 2days
Posted: Mon Aug 13, 2007 4:25 pm
by crackmedia
Hi,
I had 2 of my CMSMS sites hacked over the past 2 days and was hoping someone might give me a clue as to how to make it more secure. The first was a complete breach with pages changed and erased, the second was just the config.php being overwritten.
I am not new to creating and maintaining websites but I am new to CMSMS. My hosting service does list cms as being a potential security risk and doesn't recommend their customers to use this type of system.
I on the other hand like the way it works and wish to continue. Unfortunately I cannot risk a hacker putting dodgy material on my cms sites as some are school websites and others are ecommerce so in the end I may have no choice so I can maintain customer confidence.
The passwords were totally random and changing chmod just renders the cms unusable.
I would really appreciate some ideas please.
Cheers
Re: cmsms hacked twice in 2days
Posted: Mon Aug 13, 2007 4:31 pm
by tsw
which version?
anything interesting in logs?
any other applications installed with same user rights?
Re: cmsms hacked twice in 2days
Posted: Mon Aug 13, 2007 5:06 pm
by crackmedia
My apologies for the lack of info.
Version 1.0.8
No other apps installed with the same user rights, username or passwords.
Due to the nature of the problem on the first I just deleted the whole domain and reinstalled CMSMS clean and mysql db from a clean back up.
I never checked the logs (doh!!)
The other site is still in dev and I haven't touched it yet, so may have some info later.
Re: cmsms hacked twice in 2days
Posted: Mon Aug 13, 2007 6:40 pm
by Pierre M.
Hello,
If you don't look at the logs, you won't be able to know how the intruder has come into your CMSms installation and you won't be able to prevent him/her from redoing it.
You should run only the last stable version (1.1+), not old 1.0.8. It is too easy for an intruder to use a well known breach of 1.0.x.
Are you the only admin of the system? Could you or somebody else with access have a spyware key logger on his/her local computer?
If you are paranoid about security, you may like to build your site with CMSms offline and to publish online only a static snapshot made with wget or webhttrack.
crackmedia wrote:
My hosting service does list cms as being a potential security risk and doesn't recommend their customers to use this type of system.
Does the hosting provider mean CMSms or any CMS? If CMSms, why? (this would help to harden it)
Pierre M.
Re: cmsms hacked twice in 2days
Posted: Mon Aug 13, 2007 8:44 pm
by crackmedia
Thanks for the input.
Not cmsms but cms generally.
I shall upgrade and see what happens. It is possible there may be spyware on my pc but nothing shows up.
cheers.
Re: cmsms hacked twice in 2days
Posted: Mon Aug 13, 2007 8:49 pm
by Nullig
Do you know if other sites on the host were hacked? It is possible that your site was compromised by a hacker getting privileged access through another site on the host computer.
Nullig
Re: cmsms hacked twice in 2days
Posted: Tue Aug 14, 2007 6:15 am
by cyberman
crackmedia wrote:
The first was a complete breach with pages changed and erased,
Have you tried to protect access to admin folder with a separate .htaccess?
the second was just the config.php being overwritten.
Was the permission of config.php set to 444?
Re: cmsms hacked twice in 2days
Posted: Tue Aug 14, 2007 10:36 pm
by crackmedia
It is possible that access was gained from another host as I am currently using shared space for my sites, but only the 2 cmsms sites were touched, all others including wordpress sites were left alone.
I will be protecting the admin using .htaccess/.htpasswd from now on.
I have upgraded to 1.1.x and have a new problem. The user details entered and sent via email do not work when trying to sign into the admin area. I will do a search and post if it remains a problem.
Thanks
Re: cmsms hacked twice in 2days
Posted: Thu Aug 16, 2007 1:55 pm
by kazkas
The same happened with one of my websites. The problem was with the server setup: any of the shared hosting server's users could write into the tmp and upload dirs, because the only way to run CMS MS was to chmod them to 0777. Btw, a question about config.php: if you chmod it to 0444, wouldn't it be possible for others on the same server to create a simple PHP file to read config.php? That would give them the database login details.
Re: cmsms hacked twice in 2days
Posted: Thu Aug 16, 2007 3:13 pm
by faglork
kazkas wrote:
Btw, a question about config.php: if you chmod it to 0444, wouldn't it be possible for others on the same server to create a simple PHP file to read config.php? That would give them the database login details.
AFAIK not as long as safemode is on.
Cheers,
Alex
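
The permission points raised in this thread (directories left at 0777, config.php set to 444, and whether other accounts on the host can read it) can be checked with a short audit run against the install directory. This is an added example, not code from any poster or from the CMSMS project; the function name `audit_cms_perms` and the finding labels are made up here, and it assumes config.php sits directly in the install root.

```shell
#!/bin/sh
# Added example: permission audit for a CMS install on shared hosting.
# audit_cms_perms is a hypothetical helper name; config.php in the install
# root is an assumption based on the thread.
# Prints one finding per line. Returns 0 when clean, 1 when anything is flagged.
audit_cms_perms() {
    acp_root=$1
    acp_cfg=$acp_root/config.php
    acp_findings=$(
        # Directories any local account can write to (the 0777 case).
        find "$acp_root" -type d -perm -0002 | sed 's/^/WORLD-WRITABLE-DIR /'
        # Files any local account can overwrite.
        find "$acp_root" -type f -perm -0002 | sed 's/^/WORLD-WRITABLE-FILE /'
        if [ -f "$acp_cfg" ]; then
            # Any write bit set: config.php can still be overwritten.
            find "$acp_cfg" \( -perm -0200 -o -perm -0020 -o -perm -0002 \) |
                sed 's/^/CONFIG-WRITABLE /'
            # "Other" read bit set (true for 0444): the mode itself does not
            # stop other accounts from reading the database credentials.
            find "$acp_cfg" -perm -0004 | sed 's/^/CONFIG-WORLD-READABLE /'
        fi
    )
    if [ -z "$acp_findings" ]; then
        return 0
    fi
    printf '%s\n' "$acp_findings"
    return 1
}

# Stand-alone use: sh audit.sh /path/to/install
if [ "$#" -gt 0 ]; then
    audit_cms_perms "$1"
fi
```

Whether a tighter mode such as 0400 on config.php is usable depends on PHP running as the file's owner on that host, which is a question for the hosting provider.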