CMS Hack?

For questions and problems with the CMS core. This board is NOT for any 3rd party modules, addons, PHP scripts or anything NOT distributed with the CMS made simple package itself.
Post Reply
sumpson
Forum Members
Forum Members
Posts: 111
Joined: Thu May 08, 2008 6:35 pm

CMS Hack?

Post by sumpson »

Hello,

This hack (blank page front-end) has happened often to me (to sites where i have a specific ftp password) when i change the ftp login and remove the line everything is fine and it won't come back.

Code: Select all

else if (file_exists(TMP_CACHE_LOCATION.'/SITEDOWN'))
{
	echo "<__html><head><title>Maintenance</title></head></__body><div style="display:none"><__iframe width=814 height=568 src="xxx" ></__iframe></div><p>Site down for maintenance.</p><__body></__html>";
	exit;
}
This is the index.php file, I considered posting this because I think it has something to do with CMSMS because it is not put somewhere randomly.

Hope this helps someone.

cheers,

Philippe
Last edited by Anonymous on Mon Apr 02, 2012 1:18 pm, edited 1 time in total.
Reason: removed potential hack url
Top
replytomk3

Re: CMS Hack?

Post by replytomk3 »

This is a website attack that is done thru hosting storage (people can hack all websites on the same server) if the hosting company is not doing their job properly. Removing IFrame infection might take some time. Be careful of fixes posted online. Further information: http://mkrd.info/services-available/repair-website-or-server-infection.html
Top
User avatar
Rolf
Power Poster
Power Poster
Posts: 7825
Joined: Wed Apr 23, 2008 7:53 am
Contact:
Contact Rolf

Re: CMS Hack?

Post by Rolf »

Hi sumpson

Your site has been ftp hacked alright. Did you changd your ftp passwords yet?
But just trying to delete the iframes won't solve your problem, I'm afraid.

There will be one or more non-cmsms files somewhere on your website.
These scripts will place the iframe in your files.

So if you don't find these hack files, the iframes keep coming back...
Finding the files is one thing, removing all the iframes is another thing.

There is only one good solution and that is to delete all the files and reinstall cmsms on the existing database.
There are a lot of similar topics here on the forum.

Grtz. Rolf
- + - + - + - + - + - + -
LATEST TUTORIAL AT CMS CAN BE SIMPLE:
Migrating Company Directory module to LISE
- + - + - + - + - + - + -
Image
Top
Pierre M.

Re: CMS Hack?

Post by Pierre M. »

http://forum.cmsmadesimple.org/index.ph ... 539.0.html
Top
replytomk3

Re: CMS Hack?

Post by replytomk3 »

Rolf wrote: But just trying to delete the iframes won't solve your problem, I'm afraid.

There will be one or more non-cmsms files somewhere on your website.
These scripts will place the iframe in your files.

So if you don't find these hack files, the iframes keep coming back...
Finding the files is one thing, removing all the iframes is another thing.
Grtz. Rolf
Yes, but not a problem for me. It is possible to find the script file that creates the IFrames with a search thru all files. Like I said, I can recover an IFrame infected website.
Top
Post Reply

Return to “CMSMS Core”