Site was hacked, now displaying properly but admin console still not right.

phrique
Forum Members
Posts: 15
Joined: Mon Jun 08, 2009 11:05 pm

Post by phrique »

Hi all,

My site got hacked, which appears to have been only a replacement of index.php with some text.  Simple enough to fix.  I looked through phpMyAdmin and my file manager and didn't find anything else.

Still, when I try to look at my main page in the admin console I get the following error:
"An error occurred parsing content blocks (perhaps duplicated block names) (Troubleshooting)"

None of the other pages are displaying this message.  Also, when visiting the site everything looks as it should. Any ideas what might be going wrong?  I did enable debug but it doesn't seem to be displaying anything.  I could be looking in the wrong place, of course.

Second thing--I updated my site a couple of nights ago and it appears as though I didn't set config.php back to 444 from 777 after the update.  Would that have allowed a hack like I experienced?

Thanks in advance for any assistance.  Really bummed about this.
Jeff
Power Poster
Posts: 961
Joined: Mon Jan 21, 2008 5:51 pm

Re: Site was hacked, now displaying properly but admin console still not right.

Post by Jeff »

phrique wrote: I didn't set config.php back to 444 from 777 after the update.  Would that have allowed a hack like I experienced?
Possibly. Check server logs and with your hoster for more answers.
phrique wrote: I updated my site a couple of nights ago
This is probably what is causing your error. In 1.8 (IIRC) the parsing rules for templates were cleaned up and a lot of sloppy template coding broke. You will have to post your template to tell exactly what is wrong but it is a problem with {content....


ajprog
fredp
Forum Members
Posts: 218
Joined: Sun Jul 27, 2008 1:36 am

Re: Site was hacked, now displaying properly but admin console still not right.

Post by fredp »

phrique wrote: ...
Thanks in advance for any assistance.  Really bummed about this.
Hi,

Also, you might consider doing a "System Verification".  That will tell you if there are any files unexpectedly missing or modified.  If you haven't already done so, you'll need to download the checksum file, from the Download page, that matches the CMSMS tarball that you installed: cmsmadesimple-VVVV-XXXX-checksum.dat (where VVVV is your version and XXXX is "base" or "full").

Note: if you can't get to the "Site Admin » System Verification" page of the Admin console, then there is a standalone version of "System Verification" in the ./install directory named cmschecksum.php.

Reading through the wiki may also prove helpful.  For example:
  http://wiki.cmsmadesimple.org/index.php/How_to#How_to_Secure_CMSMS_system_-_Small_Guide

Hope this helps,
Fred
Nearly all men can stand adversity, but if you want to test a man's character, give him power.
- Abraham Lincoln
Rolf
Power Poster
Posts: 7825
Joined: Wed Apr 23, 2008 7:53 am

Re: Site was hacked, now displaying properly but admin console still not right.

Post by Rolf »

phrique wrote: My site got hacked, which appears to have been only a replacement of index.php with some text.  Simple enough to fix.  I looked through phpMyAdmin and my file manager and didn't find anything else.
I am afraid it isn't that simple...

On your webserver will be one, or more non-cmsms files (scripts) which put the extra text in your files. Probably more files will be infected by now.
Check for example the change dates on the server. Most of the time the dummy index.html files are changed too.

On the forum you will find several threads describing the best way to fix your website.
If you don't do this right your website will be infected again, and again...

Like ajprog already said the notice "An error occurred parsing content blocks (perhaps duplicated block names)" has nothing to do with the hacking, but is the result of the upgrading of the website.

Regards, Rolf  :)
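An added example, not part of any post above and not CMSMS code: a checksum comparison like the "System Verification" fredp describes reports files that are missing or modified, while the stray scripts Rolf warns about and a config.php left at 777 only show up if the web root is also checked for scripts absent from the manifest and for world-writable files. The md5sum-style manifest format, the function names and the sample tree are assumptions made for this sketch; the real checksum.dat layout may differ.

```python
import hashlib, stat, tempfile
from pathlib import Path

SCRIPT_EXT = (".php", ".phtml", ".pl", ".cgi")  # assumption: types the server executes

def load_manifest(text):
    """Parse md5sum-style lines '<md5>  <relative path>' (assumed format)."""
    manifest = {}
    for line in filter(str.strip, text.splitlines()):
        digest, path = line.split(None, 1)
        manifest[Path(path.strip().lstrip("*")).as_posix()] = digest.lower()
    return manifest

def audit(root, manifest):
    """Compare a web root with the manifest and list what the manifest cannot see."""
    report = {"missing": [], "modified": [], "extra_scripts": [], "world_writable": []}
    seen = set()
    for full in (p for p in Path(root).rglob("*") if p.is_file()):
        rel = full.relative_to(root).as_posix()
        seen.add(rel)
        if full.stat().st_mode & stat.S_IWOTH:          # e.g. config.php left at 777
            report["world_writable"].append(rel)
        if rel in manifest:
            if hashlib.md5(full.read_bytes()).hexdigest() != manifest[rel]:
                report["modified"].append(rel)
        elif rel.lower().endswith(SCRIPT_EXT):           # script not shipped in the release
            report["extra_scripts"].append(rel)
    report["missing"] = [p for p in manifest if p not in seen]
    return {kind: sorted(paths) for kind, paths in report.items()}

def demo():
    """Audit a constructed sample tree: defaced index, stray script, removed installer."""
    clean = {"index.php": b"<?php // release\n", "lib/misc.php": b"<?php // lib\n",
             "install/index.php": b"<?php // installer\n"}
    manifest = load_manifest("\n".join(
        f"{hashlib.md5(data).hexdigest()}  ./{path}" for path, data in clean.items()))
    on_disk = {"index.php": b"defaced\n", "lib/misc.php": clean["lib/misc.php"],
               "config.php": b"<?php // site config\n", "uploads/x.php": b"<?php // unknown\n"}
    with tempfile.TemporaryDirectory() as root:
        for path, data in on_disk.items():
            target = Path(root, path)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
            target.chmod(0o777 if path == "config.php" else 0o644)
        return audit(root, manifest)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Files legitimately created after installation, such as config.php in this constructed tree, also land in extra_scripts and have to be recognised by hand.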
phrique
Forum Members
Posts: 15
Joined: Mon Jun 08, 2009 11:05 pm

Re: Site was hacked, now displaying properly but admin conso

Post by phrique »

Running system verification I got the following results:

118 Files Not found
Files Not found:
/tmp/cache/SITEDOWN
/install/lang.php
/install/index.php
/install/install.css
/install/lang/ext/index.html
/install/lang/ext/en_CY.php
/install/lang/en_US.php
/install/lang/index.html
/install/standard.js
/install/translation.functions.php
/install/cmschecksum.php
/install/lib/functions.php
/install/lib/classes/CMSUpgradePage6.class.php
/install/lib/classes/CMSInstallPage4.class.php
/install/lib/classes/CMSInstallPage6.class.php
/install/lib/classes/CMSUpgradePage3.class.php
/install/lib/classes/CMSInstallPage5.class.php
/install/lib/classes/CMSUpgradePage1.class.php
/install/lib/classes/CMSInstallPage1.class.php
/install/lib/classes/CMSInstaller.class.php
/install/lib/classes/CMSUpgradePage5.class.php
/install/lib/classes/CMSUpgradePage4.class.php
/install/lib/classes/CMSInstallerPage.class.php
/install/lib/classes/CMSInstallPage7.class.php
/install/lib/classes/CMSUpgradePage2.class.php
/install/lib/classes/index.html
/install/lib/classes/CMSInstallPage3.class.php
/install/lib/classes/CMSInstallPage2.class.php
/install/lib/classes/CMSUpgradePage7.class.php
/install/lib/index.html
/install/releasenotes.txt
/install/upgrades/upgrade.4.to.5.php
/install/upgrades/upgrade.28.to.29.php
/install/upgrades/upgrade.3.to.4.php
/install/upgrades/upgrade.5.to.6.php
/install/upgrades/upgrade.27.to.28.php
/install/upgrades/upgrade.7.to.8.php
/install/upgrades/upgrade.24.to.25.php
/install/upgrades/upgrade.14.to.15.php
/install/upgrades/upgrade.18.to.19.php
/install/upgrades/upgrade.23.to.24.php
/install/upgrades/upgrade.20.to.21.php
/install/upgrades/upgrade.9.to.10.php
/install/upgrades/upgrade.1.to.2.php
/install/upgrades/upgrade.16.to.17.php
/install/upgrades/upgrade.29.to.30.php
/install/upgrades/upgrade.13.to.14.php
/install/upgrades/upgrade.8.to.9.php
/install/upgrades/upgrade.6.to.7.php
/install/upgrades/upgrade.11.to.12.php
/install/upgrades/upgrade.19.to.20.php
/install/upgrades/upgrade.17.to.18.php
/install/upgrades/upgrade.21.to.22.php
/install/upgrades/index.html
/install/upgrades/upgrade.31.to.32.php
/install/upgrades/upgrade.32.to.33.php
/install/upgrades/upgrade.12.to.13.php
/install/upgrades/upgrade.22.to.23.php
/install/upgrades/upgrade.26.to.27.php
/install/upgrades/upgrade.25.to.26.php
/install/upgrades/upgrade.15.to.16.php
/install/upgrades/upgrade.10.to.11.php
/install/upgrades/upgrade.2.to.3.php
/install/upgrades/upgrade.30.to.31.php
/install/templates/upgrade5.tpl
/install/templates/install5.tpl
/install/templates/upgrade3.tpl
/install/templates/install6.tpl
/install/templates/upgrade4.tpl
/install/templates/install1.tpl
/install/templates/pagestart.tpl
/install/templates/install7.tpl
/install/templates/installer_start.tpl
/install/templates/upgradeheader.tpl
/install/templates/installer_end.tpl
/install/templates/install4.tpl
/install/templates/upgrade6.tpl
/install/templates/upgrade1.tpl
/install/templates/install2.tpl
/install/templates/index.html
/install/templates/install3.tpl
/install/templates/upgrade2.tpl
/install/templates/upgrade7.tpl
/install/templates/installheader.tpl
/install/schemas/initial.sql
/install/schemas/schema.php
/install/schemas/extra.sql
/install/schemas/createseq.php
/install/schemas/index.html
/install/upgrade.php
/install/images/2.gif
/install/images/body.jpg
/install/images/4off.gif
/install/images/stop.gif
/install/images/bg_titles.png
/install/images/accept.gif
/install/images/expand.gif
/install/images/bg_banner.png
/install/images/nav.png
/install/images/5off.gif
/install/images/warning.gif
/install/images/logoCMS.png
/install/images/3off.gif
/install/images/info-external.gif
/install/images/yellow.gif
/install/images/red.gif
/install/images/5.gif
/install/images/6off.gif
/install/images/7off.gif
/install/images/green.gif
/install/images/6.gif
/install/images/1off.gif
/install/images/1.gif
/install/images/index.html
/install/images/7.gif
/install/images/2off.gif
/install/images/3.gif
/install/images/4.gif

2 Files failed md5sum check:
/tmp/cache/index.html
/tmp/templates_c/index.html

I updated the two tmp files to the install versions and don't want the SITEDOWN file.  Clearly the install files should be missing as you blow away the install directory after installation, so that seems ok.

Should I feel fairly confident that things are back to normal now?

As far as the template, I'll copy it here.  I'm sure I've got some stupid mistake in here.  All of my other pages work just fine, just this template that's causing a problem.  I've looked through it and don't see anything obvious.

xxxxxxxxxxxxxxxxxxx
Last edited by Rolf on Mon Apr 02, 2012 12:31 pm, edited 1 time in total.
Reason: removed possible hacked code/links
Jeff
Power Poster
Posts: 961
Joined: Mon Jan 21, 2008 5:51 pm

Re: Site was hacked, now displaying properly but admin console still not right.

Post by Jeff »

You have this twice:    {content block='Announcement'

You should only have it once and then you use the assign variable when you want it displayed.

Code:

         {content block="Announcement" assign="annc"}
         {if !empty($annc)}
         <div id="Announcement">
           {$annc}
         </div>
         {/if}
phrique
Forum Members
Posts: 15
Joined: Mon Jun 08, 2009 11:05 pm

Re: Site was hacked, now displaying properly but admin console still not right.

Post by phrique »

That certainly explains it, thanks.  So, the update to 1.8+ became more strict in enforcing rules on these sorts of things...any particular reason mistakes like this were OK in the past and now aren't?  I mean, I'd have assumed that shouldn't have worked in previous revisions, although I guess I'm glad it did!

Thanks again!