Hacked Again - errorlog_enable error

Hi Jacob,

In /lib/errorlog_functions.php on line 23 you should see this:

  if (error_reporting() !== -1) { die(__FUNCTION__ . ": error_reporting() must be set to -1, not " .error_reporting(). "!"); }

If it is 0 and not -1, change to -1 and upload it back to your site. This should remove the error.

There are no known security vulnerabilities in CMS Builder, but website hacks are becoming more and more common so we've created a page to help explain the issue, and to provide tips on restoring a hacked site:
http://www.interactivetools.com/docs/cmsbuilder/how_to_restore_hacked_sites.html

Have you tried using the Exploit Scanner.  After it runs and scans your files, it creates a list of detected hacks and modified files.
http://www.interactivetools.com/add-ons/exploit-scanner/

If you want more details about it, email: support@interactivetools.com

Also, let me know if you have any other errors or issues getting CMS Builder working again.

Thanks!

Hi Damon,

I have checked that line in the errorlog_functions.php file and the value is already set to -1. I did some grep searches and found a bunch of infected files in my 3rdParty folder and lib folder. I removed and re-uploaded the folders. I tried opening my site and got a message about needing to install the program first before I could use the viewers. I tried going to the admin section of my site, and immediately got redirected to namespro.ca. Now, if I try to view my website, even just the main page not the admin section, I get redirected. This was initially my indication that there was something wrong with my site, but it seemed to eventually go away and give me the error_reporting message. I have checked my .htaccess files in the root directory and in the cmsb (I have it called something else) folders, and they look just fine to me.

Is there something that comes to mind that I should check for those symptoms?

Thank you for your help so far!

Jacob

Hi Jacob,

Can you send in a Support Request with your CMS Builder and FTP details:
https://www.interactivetools.com/support/email_support_form.php?priority=regular&message=Hacked-Again---errorlog_enable-error-80255

Then I can look into the errors and see how I can help.

Thanks!

Jacob, 

The error you're getting should never come up.  It's just a safety check in the CMSB code.  That you are seeing it suggests the CMSB code might have been modified when you got hacked.  

I'd re-upload the latest CMSB files from the zip (not a backup) and see if it still happens.  And also check your site for other infected or malicious files.

Hope that helps!

Hi Dave,

I have reuploaded the CMSB files. I still get redirected to namespro.ca frequently trying to get to the admin page. I usually by trying a few times with and without the admin.php part it will manage to continue. I am now getting an error about not being able to create a session. I get: 

Couldn't start session! 'session_start(): open(**FILE_PATH_HERE**, O_RDWR) failed: No such file or directory (2)'!

I'm not sure what to do to fix this error. 

One note about the redirect stuff too, I happens no matter what device I am on. All my computers as well as my phone do the redirect thing. Other sites running on the server work fine, and all my .htaccess files look ok too. I'm not sure what is causing that problem either.

It's easy to restore if you have the data/schema files and the database backup.

Just upload a clean CMSB and install again in a new database, restore the database and overwrite the data/schema files.

Ready to work.

And /uploads/ too!  Easy to forget about those.  https://www.interactivetools.com/docs/cmsbuilder/move_servers.html

Cheers!

Just to echo your pain, I had a similar problem when all my sites on a virtual private cloud server, running plesk, got hacked. I bought the exploit scanner script, which saved me hours of time and I cleaned up the server. This happened again a few months later and all my sites were again hacked. Some got blacklisted in google. Everything was updated including plesk. All passwords changed. I did everything. For the third time it happened. I decided that this was really bad for my reputation and decided to abandon the VPS route as I wasted too much time trying to track down things that I wasn't really experienced with. I realised that Plesk was not great on security. I decided to move everything to a reputable cloud based reseller package on a shared platform, this was a good move. I moved all my sites over a couple of weeks, this was 2 years ago. I didn't need anything more than the magic 3 apache php mysql, and the requirements for managing my own server were not really required. I researched a decent host here in the UK and found the excellent TSOHOST https://www.tsohost.com. Since moving over 2 years ago I have had ZERO hacks and close to 100% uptime. They are not expensive. They will do the SSL installations and the like and they do full daily backups. Unless you need to make specific server level tweaks fro as I did. I slept easy at night and I don't get the client ringing up saying 'my website redirects to a porn site".