CMS Made Simple Forums

Hello-
I am running CMSMS 1.2 using PHP 4.4.9 and MySQL 5.0.67 all running on Linux. More info: http://areteproducts.com/check.php

My server was hacked and someone added a bunch of code to several of the .php files that caused multiple sites to stop working. This affected 20+ sites including other applications such as Wordpress, Zen Photo and others. I removed the CRAP code on all the files affected, then replaced the bad files with the good ones on the server via FTP. That fixed all of the Wordpress and Zen Photo sites, but I can't get my CMSMS sites back online with the same solution.

One of the CMSMS sites affected is: www.areteproducts.com
There were 10 files affected by the hack:
adodb.functions.php
adodb.inc.php
config.php
config.functions.php
content.functions.php
index.php
misc.functions.php
module.functions.php
page.functions.php
translation.functions.php

When infected, they each gave this fatal error:
Fatal error: Call to undefined function: get_encoding() in /homepages/29/d116508282/htdocs/advanced/index.php on line 1

I have removed all of the bad code on these files and uploaded the clean versions, but all I get is a blank screen and I can't figure out why. I thought perhaps the hacker possibly deleted a file from the server that I just don't see. I'm not sure. Please help me get the site back online!

I am happy to send someone the files or FTP access to assist.

Thank you in advance for your help!

I don't think it's necessary but here is the CRAP code that was placed on line 1 of my php files by the hacker:

No need to show the code...

Do you have a clean database backup?  If you do, wipe your existing installation and reinstall a clean version of 1.2 (available in the Downloads section on this site), then restore from the clean db backup.

THEN UPDATE TO 1.5.3 ASAP

Once the update is complete and everything is working again, remember to make another clean backup of your files and db.

Thanks for the suggestion. I was hoping not to have to do a complete restart.

- Are there any online guides for how to download my database, then restore the site?

- What will I lose if I completely restart? Will I lose my customizations and files? (logos, product images, pdfs, etc)

Thanks again for the quick response.

Just my Modest opnion, if you server was haked and you have good backups and again if was me  i will format the server (HDD disk) you no longer safe right now!

Most good host will have a semi recent DB backup, the only thing in the folder/files you need are any files you may have added like images etc., all modules can be backed up and re loaded...

Hello,

mlbwebdesign wrote: I am running CMSMS 1.2 (...)
My server was hacked (...)
There were 10 files affected by the hack:
adodb.functions.php adodb.inc.php config.php config.functions.php content.functions.php index.php misc.functions.php module.functions.php page.functions.php translation.functions.php

Runing CMSms v1.2 with a direct web access in 2009 is asking for trouble.
From http://wiki.cmsmadesimple.org/index.php ... mall_Guide
"Always keep your system up to date".

New CMSms versions fix security holes. Not upgrading CMSms is leaving a known access open for all crapbots.

As Mark has said a good hosting provider makes at least weekly (or 10 days rotating) backups. Hence when you discover something you can go back some days for a sane version and analyse the http logS for the crack and harden your setup accordingly by adding a filtering rule.

BTW I expose CMSms directly to the web only when needed. Otherwise I expose only static exports generated by wget.

Pierre M.

Pierre M. wrote: As Mark has said a good hosting provider makes at least weekly (or 10 days rotating) backups. Hence when you discover something you can go back some days for a sane version and analyse the http logS for the crack and harden your setup accordingly by adding a filtering rule.

Again wend the server is hacked you never know wend this happend so the best pratice is format the HDD server  and restore the backup-sites  all server config may be compromise!