Hacked website - database wiped!!
Posted: Fri Dec 11, 2009 10:43 am
by Schaboo
Hi,
I'm a newbie in CMSMS.
I have done a lot of work but someone is hacking into it.
The first attack was on my files on ftp: uploads, images and a few more folders were deleted.
Then I put in all the security patches from the forum I could find, but now someone is deleting my database.
I have file permissions set to 444. I have even put in a .htaccess to secure config.php but it doesn't work.
Every time I restore the database I change the username and password for it, but after a few hours it is deleted again.
I have a dedicated server with backups running twice a day, with limited permission to the control panel, and it is logging all access to the site, but there is nothing obvious.
Please help
Thanks
Re: Hacked website - database wiped!!
Posted: Fri Dec 11, 2009 11:02 am
by Dr.CSS
Server side problems, no reported cases of vulnerability with the system itself...
Re: Hacked website - database wiped!!
Posted: Fri Dec 11, 2009 11:08 am
by Schaboo
I've contacted the hosting company and according to them there wasn't anything done on the server. Connection to the db is restricted to the control panel only and only one person has access to it - me.
Re: Hacked website - database wiped!!
Posted: Fri Dec 11, 2009 11:16 am
by Dr.CSS
Or whoever can keylog into your computer. I'm sorry, but it has been so long since the system has had a vulnerability that it has become highly unlikely it has anything to do with CMS Made Simple...
Oh btw, what is your system? It gets real hard to answer questions when not enough info is provided: shared host, vpn, etc., server version, all the usual stuff in the system info page...
Re: Hacked website - database wiped!!
Posted: Fri Dec 11, 2009 11:55 am
by Schaboo
CMS Install Information:
CMS Version: 1.6.6
Installed Modules:
CMSMailer 1.73.14
FileManager 1.0.1
MenuManager 1.6.2
ModuleManager 1.3.1
News 2.10.3
nuSOAP 1.0.1
Printing 1.0.4
Search 1.6.1
ThemeManager 1.1.1
TinyMCE 2.5.5
Album 0.9.3
NFS 1.0
Forgecart 1.1
FrontEndUsers 1.6.9
Statistics 0.9.2
Config Information:
php_memory_limit:
process_whole_template: false
max_upload_size: 10000000
default_upload_permission: 777
assume_mod_rewrite: false
page_extension:
internal_pretty_urls: false
use_hierarchy: true
debug: false
output_compression: false
root_url: http://
root_path: (0755) Success
previews_path: /tmp/cache (0755) Success
uploads_path: /uploads (0755) Success
uploads_url: /uploads
image_uploads_path: /uploads/images (0755) Success
image_uploads_url: /uploads/images
use_smarty_php_tags: false
locale:
default_encoding: utf-8
admin_encoding: utf-8
PHP Information:
Current PHP Version (phpversion): 5.2.10 Success
md5 function (md5_function): On (True) Success
GD version (gd_version): 2 Success
tempnam function (tempnam_function): On (True) Success
Magic quotes in runtime (magic_quotes_runtime): Off (False) Success
PHP Effective Memory Limit (memory_limit): 32M Success
Maximum Execution Time (max_execution_time): 30 Caution ?
PHP Safe Mode (safe_mode): Off (False) Success
Session Save Path (session_save_path): /tmp (1777) Success
Session Use Cookies (session.use_cookies): On (True) Success
Checking if the httpd process can create a file inside of a directory it created (create_dir_and_file): Success
PHP register_globals (register_globals): On (True) Caution ?
PHP output_buffering (output_buffering): On Success
disable_functions in PHP (disable_functions): Success
PHP Open Basedir (open_basedir): Success
Test for remote URL (test_remote_url): Caution ?
    fsockopen: Connection ok! Success
    fopen: When allow url fopen is disabled you will not be able to accessing URL object like file using the ftp or http protocol. Failure
File uploads (file_uploads): On (True) Success
Maximum Post Size (post_max_size): 8M Caution ?
Maximum Upload Size (upload_max_filesize): 2M Caution ?
Basic XML (expat) support (xml_function): On (True) Success
Test file_get_contents (file_get_contents): On (True) Success
Test ini_set (check_ini_set): On (True) Success
Server Information:
Server API (server_api): cgi
Server Database (server_db_type): MySQL (mysql)
Server Database Version (server_db_version): 5.0.85 Success
Server Software (server_software): Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
Server Operating System (server_os): Linux 2.6.18-164.6.1.el5 On x86_64
Permission Information:
tmp: (0755) Success
templates_c: (0755) Success
modules: (0755) Success
File Creation Mask (umask): (0755) Success
config_file: 0444 Success
It is not a shared server.
Help please :/
Re: Hacked website - database wiped!!
Posted: Fri Dec 11, 2009 11:54 pm
by Dr.CSS
So it is a server you had to set up all systems on?...
If so you may not have some security setting that would block any outside access to hackers...
That is beyond my abilities to help on so hopefully others will come to help...
Re: Hacked website - database wiped!!
Posted: Sat Dec 12, 2009 4:09 am
by replytomk3
I usually try to politely ask the tech support to look at server logs.
I would change passwords for hosting, and make sure none of the passwords match. Maybe someone got access to your personal computer.
After changing absolutely all passwords (hosting, db, ftp, ssh, etc - there are many ways to access a server) I would make sure htaccess URL filtering was enabled.
You can always politely whine to tech support for them to switch to another server or tell you what is going on.
Dr CSS knows what he is talking about. I would concur that it is likely your own computer that was affected. Make sure to run a boot time scan with a good antivirus program (Avast), and try changing passwords and ftp access from another computer.
Post your progress; we will be happy to troubleshoot.
Re: Hacked website - database wiped!!
Posted: Sun Dec 27, 2009 3:14 pm
by Jeff
You are on a dedicated server? Then you should have root access to all the logs (ssh, telnet, apache, error, ftp). Look through the logs and find out how they are getting in and what IP they are from.
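
The log review suggested in the last reply, sketched for the Apache access log as an added example (not code from the thread or from CMS Made Simple). The sample log lines are constructed, and the three heuristics and the `/admin/` path are assumptions about a default CMSMS layout; `/uploads` and `config.php` are the paths named in the thread.

```python
import re
from collections import defaultdict

# Apache "combined" format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Assumed heuristics for a CMSMS site. None proves compromise; each narrows
# the log down to requests worth reading by hand.
RULES = {
    # The uploads tree should serve static files only; PHP executed from it
    # deserves a look, especially with default_upload_permission 777.
    "php_in_uploads": lambda m, p: re.match(r"/uploads/.*\.php\d?(\?|$)", p, re.I) is not None,
    # Admin form posts: compare the source IPs with the ones you log in from.
    "admin_post": lambda m, p: m == "POST" and p.startswith("/admin/"),
    # Direct requests for config.php, which holds the database credentials.
    "config_probe": lambda m, p: p.split("?")[0].endswith("config.php"),
}

def triage(lines):
    """Return {ip: {rule: [(timestamp, method, path, status), ...]}}."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        method, path = m["method"], m["path"]
        for name, rule in RULES.items():
            if rule(method, path):
                hits[m["ip"]][name].append((m["ts"], method, path, int(m["status"])))
    return {ip: dict(rules) for ip, rules in hits.items()}

# Constructed sample lines using documentation IP ranges.
SAMPLE = [
    '198.51.100.7 - - [11/Dec/2009:09:58:01 +0000] "GET /index.php?page=home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [11/Dec/2009:10:01:12 +0000] "POST /admin/login.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [11/Dec/2009:10:03:40 +0000] "GET /uploads/images/x.php?c=1 HTTP/1.1" 200 45 "-" "-"',
    '192.0.2.44 - - [11/Dec/2009:10:05:02 +0000] "GET /config.php HTTP/1.1" 403 210 "-" "-"',
    'not a log line',
]

if __name__ == "__main__":
    for ip, rules in triage(SAMPLE).items():
        for rule, events in rules.items():
            for ts, method, path, status in events:
                print(f"{ip}  {rule:15} {ts}  {method} {path} -> {status}")
```

The timestamps of the flagged requests can then be lined up against the FTP, SSH and MySQL logs for the same window.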