
My website hacked?

Posted: Wed Aug 26, 2009 8:13 am
by purplerain12
Hello,

For a while my website was down for a reason I didn't know. I could still log in to the admin, but the front-end did not work.

Finally I discovered some weird code in my index.php file.

Code:

else if (file_exists(TMP_CACHE_LOCATION.'/SITEDOWN'))
{
	echo "<__html><head><title>Maintenance</title></head></__body><__iframe src="xxx" width=157 height=142 style="visibility: hidden"></__iframe><p>Site down for maintenance.</p><__body></__html>";
	exit;
}

The iframe code shouldn't be there. If I remove that code the site works again. After a while the code is back again, slightly different.

Has somebody had this problem before and knows what is going on?

Bas

Re: My website hacked?

Posted: Wed Aug 26, 2009 12:54 pm
by AndyP
Hi Bas,

I've seen this before, caused us lots of headaches!
This is normally the hosting FTP accounts being compromised.

We had to change hosts twice because of these attacks, each time due to leaks at the hosting companies' servers allowing hackers to gain access.

You will be able to see when the files were changed by looking at the time stamps via FTP.

Contact your hosting company and ask them to check the access logs for this time, explaining the problem.

You may also find a new JavaScript file on your site. This is used to insert the new HTML in your pages if it is removed.

Important -- change your FTP password now so that if the leak has been blocked, hackers will not still be able to gain access to your account.

If you have a control panel with your hosting, change the password on this too.


Good luck

Andy

Re: My website hacked?

Posted: Wed Aug 26, 2009 2:15 pm
by Rolf
Purplerain

Replied to you in the Dutch forum:
http://forum.cmsmadesimple.org/index.ph ... #msg174083

®

Re: My website hacked?

Posted: Wed Aug 26, 2009 5:47 pm
by Pierre M.
Any security alert without software version is useless.
Please monitor announcements about security releases.

Pierre M.

Re: My website hacked?

Posted: Wed Aug 26, 2009 6:29 pm
by replytomk3
After you modify all passwords, try downloading files from your server and see if the antivirus software on your computer trips up. When I did this for someone else, Avast! warned me that PHP/HTML files themselves were infected. Back up the database first.
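
The two checks suggested in this thread (looking at file time stamps, and scanning a downloaded copy of the site for infected PHP/HTML files) can be combined in one script. This is an added example, not code from any poster or from CMS Made Simple; the function names, the file-suffix list and the rules for what counts as a "hidden" iframe are assumptions.

```python
import re
import sys
import time
from pathlib import Path

# Assumed set of file types worth scanning (the thread mentions PHP, HTML and JS).
SCAN_SUFFIXES = {".php", ".html", ".htm", ".js", ".tpl"}
# Opening iframe tag; also tolerates forum-mangled forms such as "<__iframe".
IFRAME_RE = re.compile(r"<[_\s]*iframe\b[^>]*>", re.IGNORECASE)
# Attributes that hide a frame from the visitor: CSS hiding or a 0/1 pixel size.
HIDDEN_RE = re.compile(
    r"visibility\s*:\s*hidden|display\s*:\s*none"
    r"|\b(?:width|height)\s*=\s*[\"']?[01](?:px)?[\"'\s>]",
    re.IGNORECASE,
)


def find_hidden_iframes(text):
    """Return (line_number, tag) for every iframe tag carrying a hiding attribute."""
    hits = []
    for m in IFRAME_RE.finditer(text):
        if HIDDEN_RE.search(m.group(0)):
            hits.append((text.count("\n", 0, m.start()) + 1, m.group(0)))
    return hits


def scan_tree(root, modified_since=None):
    """Scan a downloaded site copy; return flagged files, newest first.

    Files changed after modified_since (epoch seconds) are listed even
    without an iframe hit, mirroring the time stamp check.
    """
    report = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        mtime = path.stat().st_mtime
        hits = find_hidden_iframes(path.read_text(errors="replace"))
        if hits or (modified_since is not None and mtime > modified_since):
            report.append({"path": str(path), "mtime": mtime, "hits": hits})
    return sorted(report, key=lambda r: r["mtime"], reverse=True)


if __name__ == "__main__":
    for entry in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(entry["mtime"]))
        print(stamp, entry["path"])
        for line_no, tag in entry["hits"]:
            print(f"    line {line_no}: {tag}")
```

Run it against a local copy of the site and compare the result with a clean download of the same CMS version; time stamps only survive if the download tool preserves them.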