CMS Made Simple Forums

Content management as it is meant to be
https://forum.cmsmadesimple.org/

HELP- Search module or site hacked or phished, or not?

https://forum.cmsmadesimple.org/viewtopic.php?t=72731

Page 1 of 1

HELP- Search module or site hacked or phished, or not?

Posted: Fri Apr 17, 2015 8:25 am
by burlington
Website was upgraded last month to latest CMSMS version 1.11.13.

'Search' module files show changes/creation dates at the time of the upgrade, 23/3/15. HOWEVER, there is a file ini.php which is dated 10/4/15.

I raise this question because the site owner has had an email from '<noreply@google.com>' which states:
<quote>
Below are one or more example URLs on your site which may be part of a phishing attack:
http://www.xyz.co.uk/modules/Search/templates
http://www.xyz.co.uk/modules/Search/templates/
http://www.xyz.co.uk/modules/Search/templates/index.html
</quote>

Any ideas folks?

Many thanks

Martin

Re: HELP- Search module or site hacked or phished, or not?

Posted: Fri Apr 17, 2015 8:58 am
by staartmees
I don't think the email is really from the email address "noreply@ google.com", it was probably spoofed. Bet if you clicked on 'reply' you would be sending an email to an email address that is not "noreply@ google.com".

Re: HELP- Search module or site hacked or phished, or not?

Posted: Fri Apr 17, 2015 10:07 am
by Jo Morg
burlington wrote:Any ideas folks?
Did you actually try any of those links in your own site to see what happens?
In all CMSMS distributions all directories created or used by the core have an index.html file with the following content:

Code: Select all

<!-- dummy index.html -->
which would display a blank page in any case.
That is what you should find there, and nothing else. If there is some other page, you should be looking for security problems with your host. Typically this is not a CMSMS problem.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited