Compromised site
Permalink
Hi all,
I'm still pretty new to using Concrete 5 and could really use help on fixing a problem.
It seems our site keeps getting compromised with a malicious style.php file in the sites root directory. The compromised file references another file, links.db (a SQLite database) with a list of sites, then uses that to insert a block of visibility:hidden text & links into the head of the page.
I've tried changing passwords, disallowing ftp except when I was using it, changing permissions to be 0444 or 0555, but it's been compromised again.
Has anyone heard of this before & hopefully have a solution?
Thanks,
James
P.S. Copy of the style.php is attached at a .txt file.
I'm still pretty new to using Concrete 5 and could really use help on fixing a problem.
It seems our site keeps getting compromised with a malicious style.php file in the sites root directory. The compromised file references another file, links.db (a SQLite database) with a list of sites, then uses that to insert a block of visibility:hidden text & links into the head of the page.
I've tried changing passwords, disallowing ftp except when I was using it, changing permissions to be 0444 or 0555, but it's been compromised again.
Has anyone heard of this before & hopefully have a solution?
Thanks,
James
P.S. Copy of the style.php is attached at a .txt file.
Anyone? I could really use some help here.
Not sure how much help I can be, but have you had a look at your htaccess file(s)? I'd start there to see if anything seems out of the ordinary (also look for more than one htaccess file throughout your file tree).
Change passwords for your server, FTP and sql database.
Hope that helps.
Change passwords for your server, FTP and sql database.
Hope that helps.
