Website hacked

9 posts by 3 authors in: Forums > CMS Builder
Last Post: July 7, 2011   (RSS)

Re: [gversion] Website hacked

By Damon - July 6, 2011

Hi Greg,

The viewCats.php page wasn't attached to the post.

Can you email it to support@interactivetools.com and reference this forum post:
http://www.interactivetools.com/forum/gforum.cgi?post=88935#88935

Then we can take a look at what code your are using in the file.

Thanks!
Cheers,
Damon Edis - interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Re: [Damon] Website hacked

By gversion - July 6, 2011

Thanks Damon - I have sent you an email.

Greg

Re: [gversion] Website hacked

By Dave - July 6, 2011

Hi Greg,

I'll just add that that looks like an automated scan. We get those all the time on our site. They may scan thousands of PHP files to try and find an entry point.

You can lookup their IP here: http://www.ip2location.com/free.asp

But it looks like it's coming from another website:
http://174.122.63.164/

Who is hosted by theplanet.com or softlayer.com
http://www.whoishostingthis.com/174.122.63.164

Probably someone else had their website hacked and now it's being used to find more sites to hack into.

viewCats.php might not be the entry point but probably a good place to start looking. Also check for any scripts you have that are out of date.

Hope that helps!
Dave Edis - Senior Developer
interactivetools.com

Re: [Dave] Website hacked

By gversion - July 7, 2011

Hello Dave,

Thanks so much for the response.

I have decided to delete all the files from the web server and start with a fresh version of CMS Builder (v2.10).

I ran the installation again using the MySQL details of a *new* database (as the restore from backup didn't work) but I would like to now revert to the *old* database so all my users and listings are back up and running.

I have changed the MySQL connection details in the following file to point to the old database:
cmsAdmin/data/settings.dat.php

My user accounts are successfully being displayed, but none of the Section Editors in cmsAdmin are appearing.

Could you please tell me how to get the Section Editors to display all the database tables I have setup, for example:

cms_listings
cms_web_pages
cms_homepages

Currently there are only 2 Section Editors appearing, which are being pulled from the *new* database (the one I used during the initial installation and no longer want to be using).

Thank you,
Greg

Re: [gversion] Website hacked

By gversion - July 7, 2011

Hello,

I have just found out that the Section Editors are saved in the following folder:

cmsAdmin/data/schema/

So I uploaded the missing files from the backup that I have and now the Section Editors are appearing again.

Regards,
Greg

Re: [gversion] Website hacked

By gversion - July 7, 2011

Hello,

I am seeing the following error message when I try and view my listings page:

==========
failed to get realpath of: ./
==========

Does any one know what might be causing this?

Attached is the file I am using.

Thank you,
Greg
Attachments:

listings_002.php 6K

Re: [gversion] Website hacked

By Damon - July 7, 2011

Hi Greg,

It's a bug in 2.10 that will be fixed for the next release.

Dave wrote the details here:
http://www.interactivetools.com/forum/gforum.cgi?post=88919#88919



The quickest fix is as follows. Under: Admin > General update "Upload directory" to be a absolute filepath. You can do this by copying the "Program directory" value and a / before the upload value.

So for me my settings are as follows:
Program Directory: C:/wamp/www/sb/CMS Builder/cmsAdmin
Uploads Directory: uploads/

So I copy the value from program directory and add that with an slash to uploads directory:

Uploads Directory: C:/wamp/www/sb/CMS Builder/cmsAdmin/uploads/


Let me know if that works for you.
Cheers,
Damon Edis - interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Re: [Damon] Website hacked

By gversion - July 7, 2011

Thanks Damon - that did the job.

Greg [:)]