Page 1 of 1
Been Hacked!!!!
Posted: Fri May 30, 2008 2:41 pm
by sugna
My post was removed or didn't make it or? so sorry for the dup.
My site PBATS.com was hacked today
Running: Version 1.2.4 “Greenland”
Files added
PLUGINS DIR: modifier.getme.php
UPLOADS DIR: index.php
Result
When browsing to the site you get an apache user pass prompt
Solution
Remove files
Any other advise would be great.
Shane
Re: Been Hacked!!!!
Posted: Fri May 30, 2008 2:44 pm
by calguy1000
this is a known issue.
1. Remove all files
2. Clear the database
3. Restore completely from a known good backup
4. Upgradeo to CMS 1.2.5
5. Change all CMS passwords.
Re: Been Hacked!!!!
Posted: Fri May 30, 2008 2:55 pm
by sugna
Thanks CalGuy.
Does anything get added to the database? or is backing up a precaution? I didn't respond to the prompt or access the admin.
Shane
Re: Been Hacked!!!!
Posted: Fri May 30, 2008 3:07 pm
by calguy1000
this hack has been seen in many different ways
and you can never be sure what files were uploaded, or modified, or if they have a copy of your password table, or what
so you need to nuke everything and restore from backup.
Re: Been Hacked!!!!
Posted: Sat May 31, 2008 1:00 am
by styson
My hosting provider got hacked through one of my CMSms 1.2.3 sites. They rootkitted the server then proceeded to saturate all his outbound bandwidth with either spam or a DOS attach. This was 8 days after 1.2.5 was released. What a mess. All 18 sites have been patched to 1.2.5 and I'm now on the
bugtrack@securityfocus.com mailing list now to watch for any new exploits.
Re: Been Hacked!!!!
Posted: Sun Jun 01, 2008 9:33 am
by Gasoline
FOR THE
SECOND TIME IN A COUPLE OF MONTHS MY SITE IS
HACKED. AND I ALWAYS USE LATEST VERSIONS. AGAIN TROUBLES AND A LOT OF WORK.
I WILL COMPLETLY REMOVE THE INSTALL OF CMSMADESIMPLE AND NEVER USE THIS PRODUCT AGAIN. I HAVE HAD TO MANY ISSUES WITH THIS SOFTWARE. BECAUSE I RUN MY OWN SERVER THIS IS POTENTIALY VERY DANGEROUS FOR ALL MY OTHER CLIENTS THAT RUN THEIR SITES ON THIS SERVER. IT COULD KILL MY BUSINESS !!
Re: Been Hacked!!!!
Posted: Sun Jun 01, 2008 10:52 am
by Signex
If you run your own server maybe you should look at that direction instead of blaming CMSMS.
Yes security issues happen with CMSMS, just like with every other software product, but when you use latest versions, and take decent server wide security measures you are pretty save, so theres no reason blaming cmsms.
Re: Been Hacked!!!!
Posted: Sun Jun 01, 2008 11:42 am
by reneh
CMS Made Simple is one of the fastest CMS'es out there to provide patches when a security hole is found!
Administrators of the sites should realy consider to subscribe to the announcement list to get fast notices of new versions and security fixes. Link to the mailing lists here:
http://www.cmsmadesimple.org/support/mailing-lists
Re: Been Hacked!!!!
Posted: Wed Jun 04, 2008 6:29 am
by styson
reneh wrote:
CMS Made Simple is one of the fastest CMS'es out there to provide patches when a security hole is found!
Administrators of the sites should realy consider to subscribe to the announcement list to get fast notices of new versions and security fixes. Link to the mailing lists here:
http://www.cmsmadesimple.org/support/mailing-lists
Done! I totally spaced on the announce mailing list.
Thanks for the reminder.