Site been Hacked
the site in question is http://www.colingrayfencing.co.uk
the problem is http://www.google.com/safebrowsing/diagnostic?site=colingrayfencing...
There's a thousand ways someone could have got into your webspace, but not likely through c5
Be wary, usually there are more files affected. Do a search for files modified recently from the attack. Also notify your hosting provider, they can usually run a script and remove many common hacks.
Make sure to change all passwords on your site (not concrete 5, but ftp/ssh/email etc.). You can change the c5 login passwords especially if they are the same as your ftp/ssh/email.
-Phil
I quote
"This is most likely due to a script inject on your site. If you run any scripts such wordpress and plugins please make sure it is up to date and any unused plugins are disabled."!!
I have emailed them again requesting to have a script run looking for attacks
but anyway google seems to be happy with it now, and all passwords changed!
Thanks for the advice everyone! :)
They added some js around the site.
As for your host you might want another. We were at bluehost at one time but they didn't provide any answers until one rep actually said that there was a security breach on several servers.
You should look into using the sftp for your file transfers. And change your cpanel/ftp/c5 credentials every so often.
-Thomas
--
c5bundle - You Gotta Get It
http://c5bundle.net/buy
Looks like I have spoken too soon, now the whole site has been deleted! I am glad it's not a "live" site
I have inspected every file hit when someone visits the site except the C5 index.php, which is compressed/compiled, and could be hiding a virus. Is there a security update for critical C5 files?
Needless to say, this is very annoying. Ours is a controversial site with many powerful enemies, and we get intrusion attempts often, but this one seems more difficult to fix. Any help would be appreciated.
http://blog.sucuri.net/2011/02/hilary-kneber-godaddy-and-welcometot...
That article talks about what is actually going on. I suggest getting in touch with your hosting provider, whether it is godaddy or not.
You should also change all of your passwords immediately. I also suggest you run various spyware / malware removal programs like hijackthis.de and spybot. I am not a security expert or Windows technician. If you notice your personal computer is behaving oddly you should probably take it to a professional.
It is unlikely that a hacker is targeting you for political reasons, or that you have even been targeted. Like most other crimes, cybercrime is primarily financially motivated and random.
As for your index.php, it should not contain any other code than
<?php require('concrete/dispatcher.php');
If anyone would like to inspect the hacked index.php file I can send it to you or attach it to a message on this board.
Perhaps needless to say if you had followed and read the links I provided, I had already done the other recommended security measures. The hosting provider and I both use Linux, so we have no Windows vulnerabilities. I absolutely would never use godaddy for anything. I also don't use insecure ftp. How anyone got in remains a mystery.
That being said, I don't know of any major security vulnerabilities in concrete5 today but certainly if anyone discovers something I urge them to private message me or Andrew.
Best wishes
Pecked out on an iPhone
I thought c5 was secure?!
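Added example, not written by anyone in this thread and not concrete5's own code: a shell sketch of the two checks suggested above, listing recently modified files and confirming that index.php contains nothing beyond the one-line dispatcher stub. The function names, the 7-day window and the sample directory tree are assumptions made for illustration.

```shell
# Added example: triage helpers for a hacked concrete5 webroot.
# Function names, the 7-day window and the sample tree are assumptions.

# Expected index.php body from the thread, with all whitespace removed.
EXPECTED="<?phprequire('concrete/dispatcher.php');"

# index_is_clean FILE: exit 0 only if FILE is exactly the one-line stub
# (an optional closing "?>" is tolerated); anything extra is suspect.
index_is_clean() {
    body=$(tr -d '[:space:]' < "$1") || return 2
    [ "$body" = "$EXPECTED" ] || [ "$body" = "${EXPECTED}?>" ]
}

# recent_files DIR DAYS: list regular files modified in the last DAYS days,
# sorted, so injected or rewritten files stand out for manual review.
recent_files() {
    find "$1" -type f -mtime "-$2" | sort
}

# make_sample_tree: build a constructed webroot and print its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/clean" "$d/hacked/js"
    printf "<?php require('concrete/dispatcher.php');\n" > "$d/clean/index.php"
    # Constructed stand-in for injected code; a harmless placeholder comment.
    printf "<?php /* INJECTED-PLACEHOLDER */ require('concrete/dispatcher.php');\n" > "$d/hacked/index.php"
    echo "// old library" > "$d/hacked/js/old.js"
    touch -t 202001010000 "$d/hacked/js/old.js"   # backdated: untouched file
    echo "// placeholder for an added script" > "$d/hacked/js/new.js"
    echo "$d"
}

demo() {
    root=$(make_sample_tree)
    for site in clean hacked; do
        if index_is_clean "$root/$site/index.php"; then
            echo "$site/index.php: matches expected stub"
        else
            echo "$site/index.php: DIFFERS from expected stub, inspect it"
        fi
    done
    echo "Files modified in the last 7 days under hacked/:"
    recent_files "$root/hacked" 7
    rm -rf "$root"
}

demo
```

Modification times can be reset by whoever changed the files, so treat the recent-files list as a first pass and compare against a known-good copy of the install where one exists.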