CMS Made Simple Forums

Hey guys,

Yesterday morning someone (or something) got to our site and uploaded there several randomly named .html-files with meta refresh -tag which points to some spam-site. Files are located in every folder (including those what cmsms doesn't use and below public_html -folder).

Has anyone experienced similar security issue with cmsms and do you have any clues how to fix it?

Thanks!

A proper configured website will first look for index.php and if not found for index.html. Randomly named html files doesn't make any sense because it shouldn't have any effect to your site.
Anyway a proper configured server will not allow to access files/folders directly that are not meant to be accessed directly by the whole web.

For more infos about a proper configured website see this small security guide.

I bet you use FileZilla for FTP uploads and one of those crappy microsoft OS.
If so the security issue is you not CMSms. There is a known huge security hole that was reported many times here in the forums but has definitley nothing to do with CMSms but with FileZilla. (read here, or here or here ...)

Your FTP account seems to be hacked. So you should check your own computer for any malware. Check also the FTP logs (if any - ask your provider).
It also could be that your provider was hacked and your webspace is not the only one that is affected. (ask your provider again)

In brief: First of all try to do some investigation on how the files were uploaded.
If it was via FTP you have much more trouble than just some randomly named html files on just one website. Otherwise be sure that a CMSms script was used to upload the files. (I'm pretty sure this cannot be the case since CMSms shouldn't be able to upload files below public_html folder)
If another script was used check if this needs to be on your webspace.
If not check how it got there...

Thanks for answer. I use OS X with Transmit FTP-software, but this FTP-account has other users too so it could be someone else.

I agree that CMSMS maybe isn't the issue. .html-files were also below public_html -folder just doesn't make any sense. Provider also agreed that FTP-accound hack could be the possible.

However, I can't stand how webspace providers always blame open source systems first, so I wanted to be sure. I have made websites with CMSMS over three years now and never came across with any security issues.