Main
Index 		Search
Posts 		Who's
Online 		Log
In

Home: Products: CMS Builder:
Hacking link problem...

 
 


cfdesign
User

Nov 28, 2011, 11:27 AM

Post #1 of 5 (482 views)
Shortcut
Hacking link problem... Can't Post
HI guys,

I have had a problem in the past with using wordpress and weird hacking problems... I use the CMS on one of my websites that does not use wordpress and am having a similar problem. Any chance that I need to update the software of CMS on the site?

Below is a little more of what I sent to my hosting company:


Hi - I need your help. We've just been passed along an email from the pharmaceutical company No vartis asking us to remove a trademarked name "Dio van" from pmaonline.com. We think there must have been a hacking of the site or something because the link they gave us is :
(removed link)

this link does not exsist on our website -- and there is no directory in medical_staff/greybox called "notes" or any other PHP issue... I am having a hard time figuring out how this is a problem.... when I google the link I get a page like this (Removed link) that lists the pmaonline.com on a list in the middle of the page... we never put this there and I'm not sure why it's there.... I plan on removing the word Diovan from the trial page on the pma website... but I wanted to figure out where and how this happened.

Can you help me being to sort this out? I don't want this to happen again.

Thanks, -Cheryl


(This post was edited by cfdesign on Nov 29, 2011, 6:54 AM)


Dave
Staff / Moderator


Nov 28, 2011, 4:08 PM

Post #2 of 5 (465 views)
Shortcut
Re: [cfdesign] Hacking link problem... [In reply to] Can't Post
Hi Cheryl,

I did a quick search on google for specific hacked pages but it didn't return anything. It did say that your site may have been compromised, though. See:
http://www.google.ca/search?q=site:pmaonline.com

We've never had a security issue with our software, but have heard of lots of hacked site reports. The culprit is often common open-source scripts. These are so popular that hackers spend the time to write automated scanners that check thousands of sites for known vulnerable scripts.

As a first step, I'd check to see if anything has been added to the /.htaccess file in the root of your website. Sometimes they add some code there to only show pages when a user links in from a search engine which would explain why you can't always see the page yourself.

Can you let me know if you see anything out of the ordinary in your /.htaccess? Make sure your FTP program shows .htaccess files and check in these folders (also check for php.ini files):
/medical_staff/greybox/
/medical_staff/
/

Hope that helps. Let me know what you find. Thanks!

Dave Edis - Senior Developer
interactivetools.com
 


cfdesign
User

Nov 29, 2011, 6:55 AM

Post #3 of 5 (448 views)
Shortcut
Re: [Dave] Hacking link problem... [In reply to] Can't Post
Thanks! this did help!!!! I found a slew of files that were not suppose to be there... now I gotta figure out how to not have it happen again.....


InHouse
User

Nov 29, 2011, 12:40 PM

Post #4 of 5 (440 views)
Shortcut
Re: [cfdesign] Hacking link problem... [In reply to] Can't Post
Sadly, this is a common problem which might have all kinds of causes. The most common is simply low quality shared hosting. All too often an insecure script running on a neighbouring account can be used to throw files "over the fence" onto your patch.

This assumes that the problem wasn't just a weak FTP username/password, or a myriad of other possible curses. Wink

J.


cfdesign
User

Nov 29, 2011, 1:06 PM

Post #5 of 5 (439 views)
Shortcut
Re: [InHouse] Hacking link problem... [In reply to] Can't Post
I do have shared hosting... the hosting company doesn't seem to think it was their issue... of course.... I changed passwords... and need to monitor a little closer.... Thankful for google webmaster tools.....