CMS Made Simple Forums

Content management as it is meant to be
https://forum.cmsmadesimple.org/

Banned by Google

https://forum.cmsmadesimple.org/viewtopic.php?t=24358

Page 1 of 1

Banned by Google

Posted: Sun Aug 03, 2008 1:07 pm
by sayitlikeitis
My site was banned by Google, saying it “may harm your computer.”  Google identified  xxxxxxxxxxxx malicious software that would infect users from my site.  With assistance from my host provider they spotted some java code in index.php they thought looked suspicious.  A snippet of the code follows, with the require_once line appearing at about line 70 of index.php.  Perhaps you can tell if the line beginning with echo is suspicious or not.

If this code is not meant to be there, how do you think it could possibly have got into the code? 

Does this mean that someone logged into the back end of my site and manually edited the file? 

No one should be aware of my user code and password but me. How could this come about?

And, how can I monitor whether the code has changed without my knowledge?  It’s kind of difficult if you don’t know where to look and what to look for.

Ron

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Re: Banned by Google

Posted: Sun Aug 03, 2008 1:27 pm
by Zoorlat
Sounds like your site has been hacked  :(

Which version of CMSMS do you have installed? (You can search this forum for more info about the security problems with versions before 1.3.)

Best
/Z

Re: Banned by Google

Posted: Mon Aug 04, 2008 9:38 am
by sayitlikeitis
I'm on v1.2 Barbados. 
How do they get in and alter code?
What's the best way to monitor things?

Re: Banned by Google

Posted: Mon Aug 04, 2008 4:47 pm
by Zoorlat
As I understand it, they got in through old versions of filemanager. If you want to know more, read this post: http://forum.cmsmadesimple.org/index.php/topic,21759.0.html

The only way to safely get rid of the infection is to do a compleat re-install. By that I mean destroy everything - files, databases etc. Then install a fresh version of cmsms, and load the content from a known to be safe database back-up (I hope you have got one!). Depending on the size of your site, you can of course copy the text from your infected site first, and then paste that into the clean site. But make sure to not put back anything that might be infected (ie any non plain text content).

Also, make sure to change all the passwords, to your database as well as to your admin-accounts.
For more details, read this:http://forum.cmsmadesimple.org/index.php/topic,22516.msg109186.html#msg109186

Re: Banned by Google

Posted: Mon Aug 04, 2008 7:11 pm
by Pierre M.
sayitlikeitis wrote: I'm on v1.2 Barbados. 
Saying it like it is : you are shooting yourself in the foot.

Always use the latest official stable version (1.4 today). Because blah blah and security fixes.

Pierre M.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited