CMS MS 1.3 index hacked!! help

Posted: Mon Jul 03, 2006 6:35 am
by ivancar
Hi

Our site with CMSMS 1.3 has been hacked. We are under Linux, PHP 4.4.2, MySQL 5.0
(CMS Mailer with sendmail option, Frontend users, Self Registration, Custom Content, latest versions)
Only the index; site structure seems OK.

Does someone have an idea how I can prevent that? Or how it happened?

Thanks all

http://synergie-home.com

Re: CMS MS 1.3 index hacked!! help

Posted: Mon Jul 03, 2006 7:57 am
by cyberman
Have you checked the server log file?

Re: CMS MS 1.3 index hacked!! help

Posted: Mon Jul 03, 2006 11:12 am
by Ted
I'm not aware of any security vulnerability.  Unfortunately, this guy didn't tell you how he did it, which is what a lot of these greyhat type hackers would do.

Do you have any other apps running on that server also, or is it only CMSMS?

Re: CMS MS 1.3 index hacked!! help

Posted: Mon Jul 03, 2006 3:19 pm
by ivancar
Cyberman, I'm checking, but I'm not sure I'll discover the intruder.
Do I have to check only HTTP access, or FTP as well?

Ted: we have a forum, PHPBB 2.20 CH modded (2.14); the forum seems untouched.

If you like, I'll send the log, or I'll give you any further detail.

Thanks both

Re: CMS MS 1.3 index hacked!! help

Posted: Mon Jul 03, 2006 3:29 pm
by cwaz13
I had a site hacked a few months ago (not CMSMS, though), with a similar index attack.  We looked at server logs, FTP access, changed passwords, a PHP forum, everything...

Turned out there was a security hole in an old calendar CGI file on the FTP server.  They used this to modify the index page announcing their hack, nothing else, same as yours.  Once that CGI program was patched, the security hole was fixed and the site has had no problems since.  I would check your other apps and scripts and see if something might need to be patched.  Good luck.   :)

All right

Posted: Tue Jul 04, 2006 7:31 pm
by ivancar
Hi

I finally talked with the hacker; he hasn't changed anything in the site but the index. His attack was against the server.
As cwaz13 guessed, he used a hole in the host system.
I asked explicitly if he had found some vulnerability in CMS MS.

I'm happy to tell you all that he replied that he hasn't found any, even saying (as Ted said) "changes are difficult, even if not impossible"

That's enough for me, and for all the CMS MS community, though.

Thanks  ;D

Ivan

Re: CMS MS 1.3 index hacked!! help

Posted: Tue Jul 04, 2006 8:55 pm
by Ted
That's great news.  Well, not that you got hacked, but, well, you know.  :)