Page 1 of 1
Suggestion for hacked sites
Posted: Mon Sep 19, 2011 6:36 pm
by kgiles
Hi
I think CMSMS is a great program, the only problem I have had is I have had 6 sites hacked in the last 6 months. Usually spammers.
Yes They may not have been the latest versions.. but they were close. The problem is once the site has been compromised it is difficult to find and remove non CMSMS files.
My suggestion is to have a feature in admin that compares the files in the site with the files for the release. and lists all non CMSMS files. content compare would be even better except for files that change config etc.
Thanks for your consideration and keep up the great work
Keith
Re: Suggestion for hacked sites
Posted: Mon Sep 19, 2011 6:51 pm
by RonnyK
I dont know how recent your versions are, but since at least 2 years, the version have SystemVerification inside, which can compare the original files with the current ones in the install. The check-file is downloadable in the Download-area, and can be compared to your install.
Ronny
Re: Suggestion for hacked sites
Posted: Mon Sep 19, 2011 6:55 pm
by gianpiero
anyway a lot of softwares do this, in FTP mode also
Re: Suggestion for hacked sites
Posted: Tue Sep 20, 2011 12:53 pm
by kgiles
Thanks for tip Ronny,
I had missed this feature... if it lists additional non cmsms files it would be what I need. but I just tried it and it didn't list any of the files I had uploaded in the site so I suspect it wont find additional spammer files???
anyone know??
Keith
Re: Suggestion for hacked sites
Posted: Tue Sep 20, 2011 1:32 pm
by gianpiero
malicious code are into database normally, and overwrite/modify or add code into your template, news, css, article ...
search <__iframe> tag calling external site or other <www> into database
bye
Re: Suggestion for hacked sites
Posted: Tue Sep 20, 2011 4:50 pm
by Mieszko
anyway a lot of softwares do this, in FTP mode also
Which software for example?
Can you name any?
Would find that information very helpful.
Thank you.
Re: Suggestion for hacked sites
Posted: Tue Sep 20, 2011 5:02 pm
by gianpiero
I use
Beyond Compare that's an ftp client also.
N.B. .hope I'm not infringing forum rules when quoting commercial product
anyway try googling "file compare" for a free one
Re: Suggestion for hacked sites
Posted: Tue Sep 20, 2011 6:41 pm
by Mieszko
Thank you very much.
Re: Suggestion for hacked sites
Posted: Wed Sep 21, 2011 8:42 am
by RonnyK
In terms of checking. You can generate your own checksum as well. This means that you can test the default upload/install. Whne you installed modules etc, you can go to SystemVerification, and create a set for your current setup. And use that for comparison at a later moment.
Ronny
Re: Suggestion for hacked sites
Posted: Wed Sep 21, 2011 9:13 am
by gianpiero
@RonnyK
have you ever seen a site has been hacked through
modification of php files ? most of them are hacked via db, I suppose
thanks
Re: Suggestion for hacked sites
Posted: Wed Sep 21, 2011 6:27 pm
by RonnyK
gianpiero,
most hacked sites that I saw, where indeed modified php-files. They mostly originated from x-access on shared-hosts.
Ronny
Re: Suggestion for hacked sites
Posted: Wed Sep 21, 2011 6:29 pm
by gianpiero
Thanks
Re: Suggestion for hacked sites
Posted: Sun Sep 25, 2011 4:56 am
by replytomk3
Most hacks are thru SHARED hosting accounts.
To find if your site is still infected, download whole site by FTP, and scan those files with Avast!
Search for my posts on this.