[SOLVED] Hacked, hacked, hacked!

[QueenOfStarWears]

I keep getting hacked!  I am doing all of the things the setup says to do.  I even delete the install directory and change the permissions on the config file.  Any ideas?  

[calguy1000]

No information provided by you, gets you no help from us.

[QueenOfStarWears]

Many apologies.  I'm using the latest version and worked with our unix admin to set up all of the permissions during installation.  He then changed the config file permssions per the directions and I deleted the install directory.

I just got an angry message from him that he is not going to allow CMSMS again due to the hacking, but I don't know what else to tell him except to follow the directions during the installation. 

If you could let me know what type of information you need, that would be helpful.  I'll be glad to provide it. 

[jmcgin51]

http://forum.cmsmadesimple.org/index.ph ... ,40.0.html

define "the latest version"

I believe there have been no reported hacks due to CMSMS holes for a very long time (maybe 1.2).  Most reported hacks are FTP hacks, unclosed sessions on a public computer, etc.  Not the fault of CMSMS, and your admin most likely knows (or should know) this.

The more details you can provide, the better we can help you.  If it is in fact a breach via CMSMS, the dev team needs to know as much as possible so they can find/fix the issue.

[sjg]

Please go into your Admin, click on Site Admin > System Information and then click on the View Text Report link, and email the results to me and/or any of the core developers.

It'd also be helpful to learn if you are hosting on a dedicated or a shared server.

Also, please have your IT person attach the logs and any other information that they have indicating the breach was via CMS Made Simple. If possible, get them in touch with us directly, so we can do some forensic analysis.

Thanks,
___Samuel___

[replytomk3]

If your hosting provider blames CMSMS ask them to provide proof with server logs. If they can't, then it was actually likely their poor security that should be blamed.

[replytomk3]

And one more thing that you can implement is URL filtering in your htaccess file (details available if you search here). But like it was said, no more holes have been seen with URL attacks.

[fredp]

Hi,

Have you read this "How To" on the wiki site?
  http://wiki.cmsmadesimple.org/index.php ... mall_Guide

If not, it may prove helpful.

[pbrady]

Hi,

I have CMSMS on a debian linux box that is hardened. If you provide more details on your CMSMS config, the Linux OS you are using, and the basic config of the box, I might be able to help.

-p

[pbrady]

By the way, I have intrusion protection, secure mailer, ssh-only (key-based) access, etc. All very secure.

Hi,

I have CMSMS on a debian linux box that is hardened. If you provide more details on your CMSMS config, the Linux OS you are using, and the basic config of the box, I might be able to help.

-p

[JeremyBASS]

file2ban is pretty good at stoping most ssh attacks...

[QueenOfStarWears]

Thanks to all!  I took all of the advice (thanks for the helpful links) went back to the server admin with additional info.  It appears to have been things my server admin needed to button down.