CMS Made Simple Forums

I have just found out my site has been hacked, I suspect a previous supplier of my clients web services as the only concern they raised when talks of taking the site away from their Drupal version was the security of CMS MS.

I have changed all User and Pass for accounts, DB and FTP.

My question is where should I be looking to see how this hack was done?

I have checked the modification date in the CMS DB table so know when content was changed. There are no records of CMS access at this time in the CMS admin logs, does this mean they didn't access the admin area?

I'm using CMS version 1.9.4.2

Any response on this would be much appreciated.

This turned out to be an issue with the news module and has been resolved in the 1.9.4.3 update. I suggest everyone that uses the News module on their 1.9.4.2 install upgrade the few files urgently to prevent your content being altered by unwanted nasties.

The issue allows anyone to edit your news articles via the front end of your website without being logged in by simply modifying the URL.

Hope this prevents anyone else being caught out.