My hosting account possibly "hacked"...?

Status
Not open for further replies.

mcmmsagh

Member
Messages
51
Reaction score
0
Points
6
I sure really hope not, but here's the situation: when I logged into my site's Admin CP (the CMS for the main portion of my site, of course) - I was doing my normal updating as usual from the backend when I noticed something that was amiss. Attached to this post are two images to prove my case: the first image is when I clicked on the "Blocks" link, only to find a section which has something titled "H4CK" (which I know for sure I did not put in) - suspicion #1.
mc_mmgs_11202013_sa1.png
Now when I click the edit block link for that, that's where I detect suspicion #2 (which has that phpinfo(); thing in the textbox).
mc_mmgs_11202013_sa2.png
As I said, all that activity in question was obviously not from me. Can any of you server admins detect who actually tried to possibly infiltrate my hosting account and/or the database? I'm getting worried about the security of my related hosting account for the site itself.

Thanks in advance, and once again, the images in question are attached to this post. Looking forward to your responses shortly.
 

descalzo

Grim Squeaker
Community Support
Messages
9,373
Reaction score
326
Points
83
What CMS? Did you Google to see if there are other reports of such incidents?

Most such problems are due to security bugs in the CMS.
 

mcmmsagh

Member
Messages
51
Reaction score
0
Points
6
It says on the bottom of my site (main section, NOT the forums section) that it's powered by LoveCMS. I did investigate before and didn't hear of any major security issues with the CMS itself.
 

bdistler

Well-Known Member
Prime Account
Messages
3,534
Reaction score
196
Points
63

descalzo

Grim Squeaker
Community Support
Messages
9,373
Reaction score
326
Points
83
Yes. If you add "H4ck" and "phpinfo" to the Google search, you can find the code they probably used.
I would find another (up to date and secure) CMS.
 

mcmmsagh

Member
Messages
51
Reaction score
0
Points
6
Here is just one --> [ http://www.securityfocus.com/bid/45577/discuss ]

Google shows "About 152,000 results" for --> [ LoveCMS exploit ]

at --> [ https://www.google.com/search?q=LoveCMS exploit&biw=1360&bih=682&ei=9HiPUrXjJ4rukQeWlIC4Dg&start=10&sa=N#q=LoveCMS exploit ]

IMO LoveCMS is old (2007/2008) and not up to date

I'll have to get back with you via PM in relation to this. I do have plans to back up my site and database when I get the earliest chance; I'm getting leery that from what I saw from my CMS backend of the main site - some action might have to be taken on my end.
 

mcmmsagh

Member
Messages
51
Reaction score
0
Points
6
Okay, just a quick update and a question in relation to this - can someone tell if I have drawn the right conclusions and announced this correctly as stated on this page and this forum post on my site? Because as I said - it looks like from the clues that you guys have given me one to two weeks ago, it looks like I have to prepare to take action (after I have gotten my files and databases on said account backed up on my end).
 
Status
Not open for further replies.
Top