CMS Made Simple Forums

A site I did many moons ago has been severely hacked. No, it was not up to date CMSMS-wise but that is up to the site owner, not me.

The website hosting company has done a security trawl of the site and can only come up with one file that they can't clear. This is mhostgator.php.

I know what hostgator.php is legitimate but am not sure about this file.

Any ideas would be appreciated.

Thanks

Martin

ps the hacking takes the form of altering the user's email address in User table in the DB so that the 'lost password' facility cannot be used, thus allowing the hacker to alter the site.

AFAIK mhostgator.php is not part of the CMSMS package no matter what version. As soon as you have access to the backend of the site I recommend that you do a system verification in order to have some idea of the integrity of the files.

Jo Morg wrote:AFAIK mhostgator.php is not part of the CMSMS package no matter what version. As soon as you have access to the backend of the site I recommend that you do a system verification in order to have some idea of the integrity of the files.

Thank you Jo for your advice. Much appreciated. However, I can't get in to the back end via ../admin, as my my later posting refers. Is there any way around this please? I can get in to the server OK but as for the CMSMS program, no way at the moment.

I have renamed mhostgator.php to old-mhostgator.php on the server without any apparent adverse effects to the site, so will now delete it or try to quarantine it and see what happens.

Regards

Martin

burlington wrote:However, I can't get in to the back end via ../admin, as my my later posting refers. Is there any way around this please? I can get in to the server OK but as for the CMSMS program, no way at the moment.

Without a clue as to what is breaking, there is nothing we can do...

burlington wrote:A site I did many moons ago has been severely hacked. No, it was not up to date CMSMS-wise but that is up to the site owner, not me.

You'd need to post as much info as possible, far more that what you had so far, including CMSMS version, PHP version, installed modules, and, very important, any errors in PHP error log, otherwise it is a guessing game...

I quite agree Jo BUT if I can't get in to the program, I can't do anything!

If there was a way in apart from the usual method I would take it.

I do though have access to the DB via CPanel, and I am sure that there may be a way around this by importing and thus overwriting the DB from a 'proper' site and it's relevant passwords, and moving on from there.

My inclination at this time of the day/evening is to ditch the whole thing and start again from scratch, using a different folder and a WayBack facility to copy/paste content. There is though a lot of data!!

Martin

burlington wrote:I quite agree Jo BUT if I can't get in to the program, I can't do anything!

If there was a way in apart from the usual method I would take it.

You have, via CPanel access to a file manager too, which means you can reach version.php file and let us know which version CMSMS is. To know which PHP version you are using just search CPanel, it should be visible somewhere (configurations change so much from host to host but it should be there). PHP error logs should be set and configured by you or your host via CPanel or other and should be accessible via CPanel FileManager too.

Additionally take a look at: http://docs.cmsmadesimple.org/troubleshooting/tips
Most is CMSMS version independent...
HTH

Thank you Jo. Please forgive me but I am being 'called' to eat; it is that time of day!

Will respond soonest tomorrow.

Regards

Martin

If you have access to the DB you can change the email address of the user to yours then send a password renewal...

Dr.CSS wrote:If you have access to the DB you can change the email address of the user to yours then send a password renewal...

Yes, I have done that before twice but it reverts back. Now, access to CPanel seems to be blocked as it won't accept the password.

i have now given up on trying to get in to the server this evening and have asked the website host to reset the password at their end.

Frankly, there is something very wrong here, and I am now very tempted to delete the whole CMS system and start again.

PHP version is 4.0.10.7

The complete server info is:


Server: Localhost via UNIX socket
Server type: MySQL
Server version: 5.5.46-cll - MySQL Community Server (GPL)
Protocol version: 10
User: doug1839@localhost
Server charset: UTF-8 Unicode (utf8)

Web server

cpsrvd 11.52.1.3
Database client version: libmysql - 5.1.73
PHP extension: mysqli Documentation

phpMyAdmin

Version information: 4.0.10.7, latest stable version: 4.5.3.1