Webfusion

[gavinhowells]

Hi,

Anybody have any CMSMS sites on Webfusion servers? I have about 10 CMSMS sites on different servers at Webfusion and nearly all of them have started to generate this error when you visit the site

Parse error: parse error, unexpected T_STRING, expecting ',' or ';' in /home/xxxxxx/public_html/index.php on line 56

They all use different CMS versions. Webfusion state it isn't a server issue, but I maintain it must be something they've done for all these sites to suddenly stop working.

Anyone else on Webfusion getting these errors?

[kevinjw]

Hi

same problem appeared on a webfusion site yesterday but "on line 65". I havent had the problem on another Webfusion site.

As a temporary fix I uploaded an old backup copy of index.php

I searched "parse error" in this forum and found a fix hopefully at
http://forum.cmsmadesimple.org/index.ph ... 271.0.html

[gavinhowells]

Many thanks for the response kevinjw. I spoke to webfusion, and they just fobbed me off once again - citing it as a scripting error. Fair enough, but I'd quite like to know what they did to their servers that would suddenly stop CMSMS sites working.

I'll copy over a backup php page until I can work out what went wrong. 

[gavinhowells]

Just an update, I've been going through the sites that fell over and all the index.php pages were updated yesterday, and I certainly didn't. I've looked in the pages and it looks like this is making it fall over

Code: Select all

xxxxxxxxxxxxxxxxxxx

Was this ever part of cmsms or has this been added? I can't seem to find it on any backup of the CMS I have on file.

[gavinhowells]

Ok, I've just spoken to Webfusion. I've noticed that the code I just posted was in our standard HTML pages too for our sites, but being HTML it had no adverse effects.

Webfusion looked into it and found people ftp'ing in from Latvia and Australia changing the files, so obviously it's been compromised. kevinjw, I would suggest speaking to Webfusion and changing your passwords.

[kevinjw]

thanks for the advice on the ftp passwords - am getting onto it ..

cheers

[chexxer42]

I was just checking/testing some FTP links today as I'd upgraded my FTP software and another of my web hosts had carried out some updates that reset the FTP passwords, so I was testing those as well and just happened to be testing all the other FTP sites I work with and when I got to the Webfusion one I noted all the html files had a 26/02/2009 date stamp?, I hadn't been near it for months.

I couldn't see anything wrong except the size of the index.htm was larger, on viewing the source, I found this right at the bottom.

.... 

I searched on "gerh34h34h34h.com" and hit this site, the only one that came up on Google, so thanks very much for the info. Initially I thought the person taking over the maintenance of the website had something to do with it !!!.

So I've notified the owner to get the Control Panel & FTP passwords changed, they where both the same when the company started hosting with Webfusion and I never changed it.

[contented]

Yes, one of our Webfusion sites was hacked on 28th Feb. Caused us a lot of problems yesterday sorting it out. They hacked the index.php within the cms folder and also the index.htm in the root folder. The hack seemed to be some string advertising various medications with links to incubationasia.org.
We've changed the ftp password and are busy doing the same to our other sites. At first we thought it was a vulnerability with cmsms, but pleased it doesn't seem to be. Will now contact webfusion to get their reaction.
Penny