v1.3.3 Constantly being hacked...

Posted: Sat 15. Sep 2007, 00:02
by C3 Motorsport
For some reason, I don't know if I'm being targeted or what the deal is, but every single one of my websites on my server running phpWCMS version 1.3.3 has been hacked, and it seems to be happening more frequently.

It started off about 6 months ago by some prick named UltraTurk, and now some guy called Asl_PaRdOnE, part of some Turkish hacker group and some other jerk that calls himself SenqRonize.

The only thing that ever gets modified is the index.php file and nothing else. The database, and all other phpWCMS files are intact.

Does anyone have any advice for me? How can I keep these sites from getting hacked? What is the security problem with the index.php file? The only solution I have is to just overwrite the index.php back to the original file to get the site back, but then it just gets hacked again.

I have about 15-20 sites on the same server, and other CMS systems like Mambo, flash-based, and hard-coded haven't been touched. So is someone targeting phpWCMS sites?

Please HELP!

Sites affected:

http://www.5-75.org
http://www.jason-steele.com
http://www.c3motorsport.com (fixed)
http://www.blackwidowproject.com (fixed)

Posted: Sat 15. Sep 2007, 01:11
by DeXXus
If ONLY index.php is changed...what "changes" EXACTLY occur? What does a "file compare" show? Just curious.

Posted: Sat 15. Sep 2007, 01:22
by C3 Motorsport
The index.php is completely re-written. As if someone copied a new index.php in its place. No resemblance to the original file. The only one that appears to have some resemblance to the original file is the index.php on 5-75.org. I'll do a **** in a little while when I get home.

What I'm trying to get to the bottom of is whether or not there is a security bug in the index.php file and if there is, is that what is giving them access to the file to change it?

Don't get me wrong, I absolutely love everything about phpWCMS, but if this continues to happen, I may end up looking for another, more secure application. The 5-75.org is a site I'm developing for a US Army unit, and the last thing they can afford is to have their site HACKED. Fortunately, it hasn't gone live yet.

Posted: Sat 15. Sep 2007, 10:52
by sunburn
...


http://www.5-75.org/login.php

ACHTUNG! Das "SETUP" Verzeichnis ist noch immer vorhanden! Löschen Sie dieses Verzeichnis, sonst haben Sie ein potentielles Sicherheitproblem.

Delete your setup folder ... maybe this will help ...

greets
sunburn

Posted: Sat 15. Sep 2007, 11:08
by sustia
sunburn wrote:...



Delete your setup folder ... maybe this will help ...

greets
sunburn
And trying to do a setup everyone is able to read the data of DB user, DB password and DB database...

Posted: Sat 15. Sep 2007, 12:18
by pico
What's up, good People?

Seems that your server is NOT safe at all :twisted: :evil:

Posted: Sat 15. Sep 2007, 12:49
by DeXXus
:arrow: YUP, first two sites in list are still vulnerable! :o
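
An added example, not part of the original thread or of phpWCMS: a Python audit for the two conditions the posts above describe, a setup directory left in place and an index.php that no longer matches the original file. The one-directory-per-site layout, the function names and the sample sites are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def audit_site(docroot: Path, good_index_sha256: str) -> list[str]:
    """Return findings for one phpWCMS document root."""
    findings = []
    # Leftover installer: the login page warning quoted in the thread names the "SETUP" directory.
    for entry in sorted(docroot.iterdir()):
        if entry.is_dir() and entry.name.lower() == "setup":
            findings.append(f"setup directory still present: {entry.name}/")
    index = docroot / "index.php"
    if not index.is_file():
        findings.append("index.php missing")
    elif hashlib.sha256(index.read_bytes()).hexdigest() != good_index_sha256:
        # Compare against the hash of the original file kept off the web server.
        findings.append("index.php differs from known-good copy")
    return findings

def audit_server(base: Path, good_index_sha256: str) -> dict[str, list[str]]:
    """Audit every site directory under base; only sites with findings are returned."""
    report = {}
    for site in sorted(p for p in base.iterdir() if p.is_dir()):
        findings = audit_site(site, good_index_sha256)
        if findings:
            report[site.name] = findings
    return report

def build_demo(base: Path) -> str:
    """Constructed sample layout: three sites, two of them with problems."""
    original = b"<?php // constructed stand-in for the original index.php\n"
    for name, body, setup in [("site-a", original, False),
                              ("site-b", b"<html>replaced</html>", True),
                              ("site-c", original, True)]:
        root = base / name
        root.mkdir()
        (root / "index.php").write_bytes(body)
        if setup:
            (root / "setup").mkdir()
    return hashlib.sha256(original).hexdigest()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        good = build_demo(Path(tmp))
        for site, findings in audit_server(Path(tmp), good).items():
            print(site, findings)
```

Run on a schedule, a report like this shows which sites still carry the installer and which index.php files have been replaced since the last restore.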