Parse error
Parse error: syntax error, unexpected '<' in /home/mygmbc5/public_html/concrete/dispatcher.php on line 207
I received the above parse error on a client's site. The dispatcher.php file was filled with malicious code (see atch). This happened on 10/22/09 and previously on 10/14/09. I replaced the dispatcher.php file with the correct one and everything is fine. Any ideas on how to prevent this hack from continuing?
I also noticed an htaccess file in the concrete directory. Should it be there? The only text in it is: "Options All -Indexes"
Thanks for your help
frz,
I checked with my webhost (inmotionhosting) and sent them my saved and corrupted dispatcher.php files from 10/14 and 10/22/09. They said it was a Gumblar exploit that primarily steals FTP passwords from users with non-updated versions of Adobe Flash Player and Adobe Acrobat.
Does concrete install an htaccess file in the concrete directory?
Here's a couple of websites that explain it and possible ways to protect your site:
http://www.web-hosting-newsletter.com/2009/06/15/gumblar-exploit-an...
http://viruslab.blog.avg.com/2009/05/gumblars-obfuscation-technique...
Here's another link about gumblar my webhost tech support sent.
http://www.webologist.co.uk/2009/05/gumblar-virus-threat-to-the-int...
Nope, concrete5 does require an htaccess file to exist if you want to use pretty URLs, but it doesn't write it automatically.
Moreover, the exploit you're looking at infects your local computer and then steals FTP passwords as you update your site. There's really nothing concrete5-specific in there; the best advice these articles give is to update Flash and Acrobat (PDF viewer).
thx
-frz
There are no known security holes in concrete5 today.
Contact your webhost to figure out what's going on, and please let us know what you find.
thx
-frz
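
An added example, not part of the thread and not concrete5 code: one way to notice a core file such as dispatcher.php being rewritten again is to compare the live concrete/ directory against a clean, unpacked copy of the same release. The function names and the two directory arguments are assumptions, and the clean copy is one you supply yourself.

```python
import hashlib
import os
import sys


def hash_tree(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:  # os.walk also yields dotfiles such as .htaccess
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare_core(pristine_dir, deployed_dir):
    """Compare a deployed core directory with a clean copy of the same release.

    Returns three sorted lists: files whose content differs, files missing
    from the deployment, and files that exist only in the deployment.
    """
    clean = hash_tree(pristine_dir)
    live = hash_tree(deployed_dir)
    return {
        "modified": sorted(p for p in clean if p in live and clean[p] != live[p]),
        "missing": sorted(p for p in clean if p not in live),
        "unexpected": sorted(p for p in live if p not in clean),
    }


if __name__ == "__main__":
    # Both paths are the operator's own (assumed layout):
    #   compare_core.py <clean concrete/ dir> <live concrete/ dir>
    if len(sys.argv) != 3:
        sys.exit("usage: compare_core.py <clean_dir> <live_dir>")
    report = compare_core(sys.argv[1], sys.argv[2])
    for kind, paths in report.items():
        for path in paths:
            print(f"{kind}\t{path}")
    # Non-zero exit lets a scheduled job alert when anything differs.
    sys.exit(1 if any(report.values()) else 0)
```

A file listed as "unexpected" is only one that the clean copy does not contain; whether it belongs there still has to be decided by a person.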