My hosting account possibly "hacked"...?

[mcmmsagh]

I sure really hope not, but here's the situation: when I logged into my site's Admin CP (the CMS for the main portion of my site, of course) - I was doing my normal updating as usual from the backend when I noticed something that was amiss. Attached to this post are two images to prove my case: the first image is when I clicked on the "Blocks" link, only to find a section which has something titled "H4CK" (which I know for sure I did not put in) - suspicion #1.

Now when I click the edit block link for that, that's where I detect suspicion #2 (which has that phpinfo(); thing in the textbox).

As I said, all that activity in question was obviously not from me. Can any of you server admins detect who actually tried to possibly infiltrate my hosting account and/or the database? I'm getting worried about the security of my related hosting account for the site itself.

Thanks in advance, and once again, the images in question are attached to this post. Looking forward to your responses shortly.

 

[descalzo]

What CMS? Did you Google to see if there are other reports of such incidents?

Most such problems are due to security bugs in the CMS.

 

[mcmmsagh]

It says on the bottom of my site (main section, NOT the forums section) that it's powered by LoveCMS. I did investigate before and didn't hear of any major security issues with the CMS itself.

 

[bdistler]

I did investigate before and didn't hear of any major security issues with the CMS itself.

Here is just one --> [ http://www.securityfocus.com/bid/45577/discuss ]

Google shows "About 152,000 results" for --> [ LoveCMS exploit ]

at --> [ https://www.google.com/search?q=Lov...4rukQeWlIC4Dg&start=10&sa=N#q=LoveCMS+exploit ]

IMO LoveCMS is old (2007/2008) and not up to date

 

[descalzo]

Yes. If you add "H4ck" and "phpinfo" to the Google search, you can find the code they probably used.
I would find another (up to date and secure) CMS.

 

[mcmmsagh]

Here is just one --> [ http://www.securityfocus.com/bid/45577/discuss ]

Google shows "About 152,000 results" for --> [ LoveCMS exploit ]

at --> [ https://www.google.com/search?q=LoveCMS exploit&biw=1360&bih=682&ei=9HiPUrXjJ4rukQeWlIC4Dg&start=10&sa=N#q=LoveCMS exploit ]

IMO LoveCMS is old (2007/2008) and not up to date

I'll have to get back with you via PM in relation to this. I do have plans to back up my site and database when I get the earliest chance; I'm getting leery that from what I saw from my CMS backend of the main site - some action might have to be taken on my end.

 

[mcmmsagh]

Okay, just a quick update and a question in relation to this - can someone tell if I have drawn the right conclusions and announced this correctly as stated on this page and this forum post on my site? Because as I said - it looks like from the clues that you guys have given me one to two weeks ago, it looks like I have to prepare to take action (after I have gotten my files and databases on said account backed up on my end).