Weird link
Posted: Wed Sep 16, 2009 9:21 am
by bjits
Hello,
I have found the following code at the bottom of the index.php of the CMS page
xxxxxxxxxxxxxxxxx
This line generated a lot of links; below are the first three lines from 200 lines which got generated
xxxxxxxxxxxxxxxxx
Please advise if any of the CMSMS modules can add this kind of decode code.
Regards
Re: Weird link
Posted: Wed Sep 16, 2009 9:36 am
by Rolf
hi bjits
Your site has been hacked...
Re: Weird link
Posted: Tue Sep 22, 2009 3:59 am
by bjits
Hi,
I spoke to my hosting company and they have said that there are two possibilities
1) FTP password has been compromised
2) The version of the CMSMS is old and could be vulnerable to the CGI attacks
Now we have changed the password of FTP but not sure whether it could be CGI attacks.
My question is whether CMSMS is vulnerable to any CGI attacks which can write a code directly into index.php at the bottom of the page.
Do I need to load the most recent version of CMSMS? Currently I am using Version 1.4.
Please advise.
Kind regards.
Re: Weird link
Posted: Tue Sep 22, 2009 9:16 am
by Rolf
Hi,
If I recall correctly there hasn't been a report of a cmsms hacking since version 1.2.x and that's a while ago...
Although your cmsms version is very old and you really need to upgrade, I don't think that's the problem here. Your site is most probably ftp-hacked.
There will be some non-cmsms files on your server. These scripts will place the unwanted stuff in your files.
You can put a clean back-up back on the server. But is it really clean...
The best way out is to reinstall cmsms on a blank webserver with the existing database.
Back up files and database first of course!!! (good virus scanner enabled)
Later on put your images and other stuff (after checking) back on the server.
This is the only way to ensure the hacking can't start over again, and again...
There will be similar topics in the forum, with perhaps more info on this.
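Rolf's advice above (look for non-CMSMS files, then rebuild from a clean copy) can be backed by comparing the live web root with a freshly unpacked copy of the same CMSMS release. The script below is an added example, not part of the original posts and not CMSMS code; the function names and the two sample trees built in `demo()` are constructed for illustration, and it assumes you have a clean copy of the exact release you are running.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def files(root):
    """Map each file's path relative to root to its full Path."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}

def compare_to_clean(live_root, clean_root):
    """Classify every difference between the live tree and the clean release."""
    live, clean = files(live_root), files(clean_root)
    report = {"added": [], "appended": [], "modified": [], "missing": []}
    for rel in sorted(live.keys() | clean.keys()):
        if rel not in clean:
            report["added"].append(rel)        # file the release never shipped
        elif rel not in live:
            report["missing"].append(rel)
        elif sha256(live[rel]) != sha256(clean[rel]):
            # Original content intact with extra bytes at the end, as in this thread
            grown = live[rel].read_bytes().startswith(clean[rel].read_bytes())
            report["appended" if grown else "modified"].append(rel)
    return report

def demo():
    """Build two constructed sample trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            (root / "lib").mkdir(parents=True)
            (root / "index.php").write_text("<?php echo 'home'; ?>\n")
            (root / "lib" / "misc.php").write_text("<?php // helper ?>\n")
            (root / "version.php").write_text("<?php // release ?>\n")
        # Constructed tampering on the live copy only
        with (live / "index.php").open("a") as f:
            f.write("<!-- constructed injected block -->\n")
        (live / "lib" / "x.php").write_text("<?php // not in release ?>\n")
        (live / "version.php").write_text("<?php // edited ?>\n")
        (live / "lib" / "misc.php").unlink()
        return compare_to_clean(live, clean)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

On a real site, legitimately local files such as the site configuration and uploaded content will also be listed under `added`; those are the ones to review by hand before copying anything back.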
Re: Weird link
Posted: Tue Sep 22, 2009 9:22 am
by fredp
bjits wrote:
...
My question is whether CMSMS is vulnerable to any CGI attacks which can write a code directly into index.php at the bottom of the page.
Do I need to load the most recent version of CMSMS? Currently I am using Version 1.4.
Please advise.
Hi,
When I have questions about CMSMS, I first search the forum and the wiki sites before posting. I have often found answers to my questions there and that has saved me time. For example, consider how long you waited for me to read this topic and reply, then compare that to the minute or two that it took me to search the forum and wiki sites and find these two links (among others):
http://forum.cmsmadesimple.org/index.ph ... #msg143989
http://wiki.cmsmadesimple.org/index.php ... mall_Guide
The forum and wiki sites have search facilities or one can use external search engines. For example, you might try something like these Google search terms for starters:
site:cmsmadesimple.org support current version
site:cmsmadesimple.org howto secure cmsms
Hope this helps,
Fred