CMS Made Simple Forums

Posted: **Tue May 01, 2012 8:56 am**

Hi there,

I've updated my sites to the latest version, 1.10.3 yet I'm getting repetitive security breaches - once hacked, this error message is displayed:

Code: Select all

Parse error: syntax error, unexpected T_STRING in /home/yeser5/public_html/index.php on line 225

It's adding a bunch of malicious code on line 219, in the php tag, right after $smarty->_eval('?...

Screen shot attached.

I have no idea what all that is, but it don't look good!

About 5 of my sites, on 3 different servers, have all had this hack a couple of times in the last few weeks... config and index have been set to chmod 644 - I try to set them to 444, but filezilla wont accept it - is there another way? Or is that not the issue?

Obviously putting the original index file back up fixes it, but I'd love to know how to prevent it. I update ftp and admin passwords regularly...

Anyone come across this or have any suggestions?

Thanks!

Posted: **Tue May 01, 2012 8:59 am**

Please read this: http://forum.cmsmadesimple.org/viewtopi ... 72#p276472

Rolf

Posted: **Tue May 01, 2012 9:09 am**

Thanks Rolf!

Posted: **Tue May 01, 2012 2:07 pm**

It was nice of the hackers to comment their code.

Posted: **Tue May 01, 2012 11:17 pm**

Ha! I know...

It's organised crime that we're dealing with!

Posted: **Mon May 21, 2012 2:03 am**

Hi,

Just wondering if anyone has come across this yet?

It's happened a few more times since.

Apart from upgrading is there anything else I should be doing?

Can the sever be hacked via the CMS admin? If users don't logout is it exposed? Is there a setting to enable sessions for the admin so if they don't logout the session will end?

Thanks.

Posted: **Mon May 21, 2012 2:49 am**

If you have completely cleaned your sites... and some are still getting hacked, then the hack is probably coming from a file on your server either a file that exists on your site(s) placed there by a hacker.... or a site that exists on somebody elses site on the same host.

a: Clean your sites
b: Do system verification
- understand ALL of the errors, double check all of the files (even the images)
c: Tighten up all permissions
- Don't ask what permissions should be, they should be tight but the exact permission level depends on how the system is configured and the functionality you need.
d: Make a backup of everything (once it is clean)

if it happens again after you've cleaned up again, report it to your host or system administrator.

Posted: **Wed May 23, 2012 3:51 am**

Ok great - thanks for that will give it a go!

Posted: **Wed May 23, 2012 9:42 am**

ncd wrote:Ha! I know...

It's organised crime that we're dealing with!

LOL

ncd wrote:Just wondering if anyone has come across this yet?

Yes, I seen it before. Like Calguy said, there is somewhere a file at your server that is changing your files.
So you aren't hacked *again*, but you are *still* hacked...

Rolf

CMS Made Simple Forums

Multiple sites hacked! Line 225 index.php - Anyone else?

Multiple sites hacked! Line 225 index.php - Anyone else?

Re: Multiple sites hacked! Line 225 index.php - Anyone else?

Re: Multiple sites hacked! Line 225 index.php - Anyone else?

Re: Multiple sites hacked! Line 225 index.php - Anyone else?

Re: Multiple sites hacked! Line 225 index.php - Anyone else?

Re: Multiple sites hacked! Line 225 index.php - Anyone else?

Re: Multiple sites hacked! Line 225 index.php - Anyone else?

Re: Multiple sites hacked! Line 225 index.php - Anyone else?

Re: Multiple sites hacked! Line 225 index.php - Anyone else?