Hi -
Running a site on CMSMS v1.6.6 and I've been getting spammed. It appears that someone has appended the following code to the end of the include.php file:
Which ends up adding a bunch of nonsensical stuff to the admin area - as of now the site itself doesn't appear to be affected.
For instance, at the top of the admin login screen, you get:
Warning: Cannot modify header information - headers already sent by (output started at /mypath/include.php:507) in /mypath/admin/login.php on line 313
Warning: Cannot modify header information - headers already sent by (output started at /mypath/admin/login.php on line 314
and if you look at the source code, there's a list of spammy links. If I remove that piece of code from the include.php file, all this goes away. But my question is, how do I get this to stop?
Spamming issue with include.php
Last edited by upwithit on Wed Oct 21, 2009 2:36 pm, edited 1 time in total.
Re: Spamming issue with include.php
You have been hacked. Somewhere in your installation is a script that continues to append the hacker's code to your include.php file.
You need to perform a clean install and restore your database from a known-good backup.
Also, please do not include the full server path to your site when you're submitting a post. You can replace the exact path with something like /mypath/
Otherwise it's like giving out the exact location and combination to your wall safe in your house, and all the thief has to do is figure out your address and how to jimmy the front-door lock.
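One way to locate the changed and planted files the reply above refers to, as an added example that is not part of either post and is not CMSMS code: hash every file in the live site and compare it against a pristine extraction of the same release. It assumes you have unpacked a clean copy of your exact version into a separate directory; the `uploads/` and `tmp/` directory names are assumptions for wherever your site keeps user content.

```python
import hashlib
import os
import sys


def hash_tree(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare_install(clean_root, live_root, data_dirs=("uploads/", "tmp/")):
    """Diff a live site against a pristine copy of the same release.

    data_dirs are assumed names for directories that legitimately hold
    site content; new files there are skipped unless they are PHP scripts.
    """
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    report = {"modified": [], "unexpected": [], "missing": []}
    for rel, digest in sorted(live.items()):
        if rel not in clean:
            is_data = rel.startswith(data_dirs)
            if is_data and not rel.lower().endswith(".php"):
                continue  # ordinary uploaded content
            report["unexpected"].append(rel)  # candidate dropper or backdoor
        elif clean[rel] != digest:
            report["modified"].append(rel)  # e.g. include.php with appended code
    report["missing"] = sorted(rel for rel in clean if rel not in live)
    return report


if __name__ == "__main__" and len(sys.argv) == 3:
    result = compare_install(sys.argv[1], sys.argv[2])
    for kind in ("modified", "unexpected", "missing"):
        for rel in result[kind]:
            print(f"{kind:<10} {rel}")
```

Site-specific files such as your own configuration, templates and modules will also show up as modified or unexpected, so each reported path needs a manual look before you decide it is hostile.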