WTF

[GNU1516]

what the crap, our site was hacked, and linked here. just thought i'd let you know.

[Fulvio Romanin]

which site?
it's so weird, please give us some hint...
unless you didn't try to install wcms and to run it without installing the db, which sends here...

[frold]

what the crap, our site was hacked, and linked here. just thought i'd let you know.

sry cant take that serious without more details...

I could be your server that aint safe == not a phpwcms issue...

[GNU1516]

our site is yellowlaser.net, and this is the second time we got hacked.

[frold]

our site is yellowlaser.net, and this is the second time we got hacked.

But it first time anyone say so, so I guess it a server issue and not a phpwcms - we need more evidence

[Ben]

Did your site even use phpWCMS? It seems that if there were problems connecting to the database, it might forward visitors to http://www.phpwcms.de/dbdown.php

[DeXXus]

Is this possibly an install attempt of phpWCMS? The "appearance" of your site going to http://www.php.de can occur if:
new user doesn't "save" the "config.inc.php" file generated during setup and instead the default "conf.inc.php" from initial install remains:

Code: Select all

// site values
$phpwcms["site"]              = "http://www.phpwcms.de/";

[Fulvio Romanin]

might be a server issue... i hope...

anyway we'd need proof that wcms was hacked, and it's pretty hard to understand how you could possibly have a whole server hacked on mere db connection values, since usually there's no root access or whatever in the wcms config....

do you have any other evidence it was wcms's fault?