For some reason, I don't know if I'm being targeted or what the deal is, but every single one of my websites on my server running phpWCMS version 1.3.3 has been hacked, and it seems to be happening more frequently.
It started off about 6 months ago by some prick named UltraTurk, and now some guy called Asl_PaRdOnE, part of some Turkish hacker group and some other jerk that calls himself SenqRonize.
The only thing that ever gets modified is the index.php file and nothing else. The database, and all other phpWCMS files are intact.
Does anyone have any advice for me? How can I keep these sites from getting hacked? What is the security problem with the index.php file? The only solution I have is to just overwrite the index.php back to the original file to get the site back, but then it just gets hacked again.
I have about 15-20 sites on the same server, and other CMS systems like Mambo, flash-based, and hard-coded haven't been touched. So is someone targeting phpWCMS sites?
Please HELP!
Sites affected:
http://www.5-75.org
http://www.jason-steele.com
http://www.c3motorsport.com (fixed)
http://www.blackwidowproject.com (fixed)
v1.3.3 Constantly being hacked...
-
C3 Motorsport
- Posts: 7
- Joined: Thu 17. Mar 2005, 18:31
- Location: San Jose, CA
- Contact:
-
C3 Motorsport
- Posts: 7
- Joined: Thu 17. Mar 2005, 18:31
- Location: San Jose, CA
- Contact:
The index.php is completely re-written. As if someone copied a new index.php in its place. No resemblance of the original file. The only one that appears to have some resemblance of the original file is the index.php on 5-75.org . I'll do a **** in a little while when I get home.
What I'm trying to get to the bottom of is whether or not there is a security bug in the index.php file and if there is, is that what is giving them access to the file to change it?
Don't get me wrong, I absolutely love everything about phpWCMS, but if this continues to happen, I may end up looking for another, more secure application. the 5-75.org is a site I'm developing for a US Army unit, and the last thing they can afford is to have their site HACKED. Fortunately, it hasn't gone live yet.
What I'm trying to get to the bottom of is whether or not there is a security bug in the index.php file and if there is, is that what is giving them access to the file to change it?
Don't get me wrong, I absolutely love everything about phpWCMS, but if this continues to happen, I may end up looking for another, more secure application. the 5-75.org is a site I'm developing for a US Army unit, and the last thing they can afford is to have their site HACKED. Fortunately, it hasn't gone live yet.
...
http://www.5-75.org/login.php
ACHTUNG! Das "SETUP" Verzeichnis ist noch immer vorhanden! Löschen Sie dieses Verzeichnis, sonst haben Sie ein potentielles Sicherheitproblem.
delete your setup-folder .... may this will help ...
greets
sunburn
http://www.5-75.org/login.php
ACHTUNG! Das "SETUP" Verzeichnis ist noch immer vorhanden! Löschen Sie dieses Verzeichnis, sonst haben Sie ein potentielles Sicherheitproblem.
delete your setup-folder .... may this will help ...
greets
sunburn
And trying to do a setup everyone is able to read the data of DB user, DB password and DB database...sunburn wrote:...
delete your setup-folder .... may this will help ...
greets
sunburn
Campeones del mundo!
Vegetables!
Vegetables!
YUP, first two sites in list are still vulnerable! 