Hacking link problem...

5 posts by 3 authors in: Forums > CMS Builder
Last Post: November 29, 2011   (RSS)

By (Deleted User) - November 28, 2011 - edited: November 29, 2011

HI guys,

I have had a problem in the past with using wordpress and weird hacking problems... I use the CMS on one of my websites that does not use wordpress and am having a similar problem. Any chance that I need to update the software of CMS on the site?

Below is a little more of what I sent to my hosting company:


Hi - I need your help. We've just been passed along an email from the pharmaceutical company No vartis asking us to remove a trademarked name "Dio van" from pmaonline.com. We think there must have been a hacking of the site or something because the link they gave us is :
(removed link)

this link does not exsist on our website -- and there is no directory in medical_staff/greybox called "notes" or any other PHP issue... I am having a hard time figuring out how this is a problem.... when I google the link I get a page like this (Removed link) that lists the pmaonline.com on a list in the middle of the page... we never put this there and I'm not sure why it's there.... I plan on removing the word Diovan from the trial page on the pma website... but I wanted to figure out where and how this happened.

Can you help me being to sort this out? I don't want this to happen again.

Thanks, -Cheryl

Re: [cfdesign] Hacking link problem...

By Dave - November 28, 2011

Hi Cheryl,

I did a quick search on google for specific hacked pages but it didn't return anything. It did say that your site may have been compromised, though. See:
http://www.google.ca/search?q=site:pmaonline.com

We've never had a security issue with our software, but have heard of lots of hacked site reports. The culprit is often common open-source scripts. These are so popular that hackers spend the time to write automated scanners that check thousands of sites for known vulnerable scripts.

As a first step, I'd check to see if anything has been added to the /.htaccess file in the root of your website. Sometimes they add some code there to only show pages when a user links in from a search engine which would explain why you can't always see the page yourself.

Can you let me know if you see anything out of the ordinary in your /.htaccess? Make sure your FTP program shows .htaccess files and check in these folders (also check for php.ini files):
/medical_staff/greybox/
/medical_staff/
/

Hope that helps. Let me know what you find. Thanks!
Dave Edis - Senior Developer
interactivetools.com

Re: [Dave] Hacking link problem...

By (Deleted User) - November 29, 2011

Thanks! this did help!!!! I found a slew of files that were not suppose to be there... now I gotta figure out how to not have it happen again.....

Re: [cfdesign] Hacking link problem...

By InHouse - November 29, 2011

Sadly, this is a common problem which might have all kinds of causes. The most common is simply low quality shared hosting. All too often an insecure script running on a neighbouring account can be used to throw files "over the fence" onto your patch.

This assumes that the problem wasn't just a weak FTP username/password, or a myriad of other possible curses. [;)]

J.