CMS Builder Hacked - Help!
2 posts by 2 authors in: Forums > CMS Builder
Last Post: June 3, 2011 (RSS)
By degreesnorth - June 2, 2011
My client's CMS builder site has been hacked. Yes, we use a very reliable hosting company (2nd largest in the country) and their security is great. The files which were effected were in the CMSbuilder > Data > Schema - virtually every file, which effected both the front end and backend (I still can't get into the backend until we do a restore, but would prefer to improve the security first). The hosting company advised that the minimum security should be CHMOD 644 files setting. Will that stop the CMS from working? Is there anything we can do to prevent this from happening again (ie, changing the security setting on the files). Any urgent reply would be great.
Re: [degreesnorth] CMS Builder Hacked - Help!
By Dave - June 3, 2011
Hi degreesnorth,
CMS Builder doesn't have any known security vulnerabilities and has never been hacked. What has likely happened is either another script on the site or the host itself has been hacked and then the hacker (or an automated hacking script) modified any files it could that were writable by PHP.
Common entry points are older Wordpress installs, older open source software, email contact forms, etc. Hackers write automated scripts to scan for known vulnerable versions. Also if another user on the host was compromised they may have used that as an entry point.
You can safely reduce access on any CMSB files with CHMOD and the program will alert you if it can't access those files. In general, though, if CMSB can access a file (even with CHMOD 644) it means other PHP scripts can access the same file, so it doesn't usually help a whole lot unless everything is secure.
Let me know how we can best assist. Feel free to email direct if needed to dave@interactivetools.com.
Hope that helps!
CMS Builder doesn't have any known security vulnerabilities and has never been hacked. What has likely happened is either another script on the site or the host itself has been hacked and then the hacker (or an automated hacking script) modified any files it could that were writable by PHP.
Common entry points are older Wordpress installs, older open source software, email contact forms, etc. Hackers write automated scripts to scan for known vulnerable versions. Also if another user on the host was compromised they may have used that as an entry point.
You can safely reduce access on any CMSB files with CHMOD and the program will alert you if it can't access those files. In general, though, if CMSB can access a file (even with CHMOD 644) it means other PHP scripts can access the same file, so it doesn't usually help a whole lot unless everything is secure.
Let me know how we can best assist. Feel free to email direct if needed to dave@interactivetools.com.
Hope that helps!
Dave Edis - Senior Developer
interactivetools.com
interactivetools.com