My concrete site just shut down today
Permalink 1 user found helpful
I went to the web to look at the site I designed in concrete 5.3.2 and got this error:
Parse error: syntax error, unexpected '<' in /home/mygmbc5/public_html/index.php on line 7
This is what is on line 7:
<?php error_reporting(0); echo "\n"; @__sfd1252575505__(); ?>
I even tried to go to the login and get the same error.
Here is all the code in my index.php file:
<?php @register_shutdown_function("__sfd1252575505__");function __sfd1252575505__() { global $__sdv1252575505__; if (!empty($__sdv1252575505__)) return; $__sdv1252575505__=1; echo <<<DOC__DOC
<!-- [2265b5cb8fdea147f070cfe5942efbfb --><!-- 5055752521 --><div style="overflow:auto; visibility:hidden; height: 1px; "><ul><li><a href="http://2309h34b34b34b.cc/sl">.</a></li></ul></div><!-- 2265b5cb8fdea147f070cfe5942efbfb] -->
DOC__DOC;
} ?>
<?php
require('concrete/dispatcher.php');
<?php error_reporting(0); echo "\n"; @__sfd1252575505__(); ?>
Thank you for your help.
ewc07
Parse error: syntax error, unexpected '<' in /home/mygmbc5/public_html/index.php on line 7
This is what is on line 7:
<?php error_reporting(0); echo "\n"; @__sfd1252575505__(); ?>
I even tried to go to the login and get the same error.
Here is all the code in my index.php file:
<?php @register_shutdown_function("__sfd1252575505__");function __sfd1252575505__() { global $__sdv1252575505__; if (!empty($__sdv1252575505__)) return; $__sdv1252575505__=1; echo <<<DOC__DOC
<!-- [2265b5cb8fdea147f070cfe5942efbfb --><!-- 5055752521 --><div style="overflow:auto; visibility:hidden; height: 1px; "><ul><li><a href="http://2309h34b34b34b.cc/sl">.</a></li></ul></div><!-- 2265b5cb8fdea147f070cfe5942efbfb] -->
DOC__DOC;
} ?>
<?php
require('concrete/dispatcher.php');
<?php error_reporting(0); echo "\n"; @__sfd1252575505__(); ?>
Thank you for your help.
ewc07
all your index.php file should have in it is:
I changed the index.php to what you showed and everything is opening again.
How could that have happened (any idea) this is a new server for a new client. Was it really hacked, the site isn't even officially up, it's still in the design process.
How could that have happened (any idea) this is a new server for a new client. Was it really hacked, the site isn't even officially up, it's still in the design process.
ask your webhost.. there are no known security vulnerabilities in concrete5 today, so its quite possible something else in your webspace or its basic configuration left a hole that let some trojan put that code in your index.php file..
That file didn't just get that way on it's own, you may want to search for some of that code that was posted and see if the bot/virus/hacker has been spreading that around.
Allot of the time new servers get hacked because they haven't been locked down & updated yet. Unessential services disabled, passwords changed etc..
I'd contact your hosting company if I was you. Also check out any other sites (if any) that server is running to see they're affected.
Allot of the time new servers get hacked because they haven't been locked down & updated yet. Unessential services disabled, passwords changed etc..
I'd contact your hosting company if I was you. Also check out any other sites (if any) that server is running to see they're affected.
quick googling shows other apps that have had this code show up:
http://www.phpbuilder.com/board/showthread.php?t=10359635...
http://www.phpbuilder.com/board/showthread.php?t=10359635...
Thanks, I'll look into it. I appreciate the fix that got the site back up.
