We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree
ExpressionEngine CMS
Open, Free, Amazing

Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

The active forums are here.

Hacker or hackbot slipped some code into my index.php causing server to throw error

August 06, 2009 5:07pm

Subscribe [3]

  • #1 / Aug 06, 2009 5:07pm

    koi

    36 posts

    I am running 1.6.0 (Build:  20070622 )and have had my index.php file on my server modified by an unauthorized party. Its a dedicated server and my server company isn’t of any use to explain how it might have happened.  I am assuming they exploited a security hole unrelated to EE, but I thought I would post this here anyway.  I have changed the server password and the account password.  I need to change the database password, but the fact their modification code to the index.php caused the php compiler to fail, throwing this error, suggests to me that they didn’t actually have direct access to the index.php file.

    I don’t know much about servers much less anything related to PHP, so any comments would help.  The PHP error that caused the PHP compiler to fail:
    Parse error: syntax error, unexpected T_STRING in /home/.../public_html/index.php on line 60

    My index.php file looked like this and I had to edit out the bad code (notice the references to blogspot.com) to make it work again.

    Their code appeared twice in the index.php code: 

    
									
    
								
    
								
								

								
    
									

									

									
								
    
							
    • 

	

	

	

	
							
  • 
								
    
									
    
										
											#2 /
										
										Aug 06, 2009 5:18pm
										
								
    
								
    
									


    
	
	
    Ingmar
    
	
		29245 posts
    
		
    
		
		
	    

    

									
    
										
    Thank you for your report. We take security very seriously and will do our best to work with you on figuring out what’s going on. 
    


    Let me start by saying that you are using a very old version of EE, over 2 years old. An upgrade is urgently recommended. Even if this is a dedicated server, the host should still be able to tell us how the attacker gained access.
    


    While we work through this, please check through these files:
    


     - path.php
    
 - config.php
    
 - index.php
    


    Make sure that there is no unusual code such as iFrames or Javascript includes; if you do find such code, or just to be on the safe side, replace your files with a freshly downloaded set. 
    


    In closing, let me stress once more the importance of upgrading to a more recent version of EE. It’s urgently recommended from a security point of view.
    
									
    
								
    
								
								

								
    
									

									

									
								
    
							
    • 

	

	

	

	
							
  • 
								
    
									
    
										
											#3 /
										
										Aug 06, 2009 5:23pm
										
								
    
								
    
									


    
	
	
    koi
    
	
		36 posts
    
		
    
		
		
	    

    

									
    
										
    Thank you for your report. We take security very seriously and will do our best to work with you on figuring out what’s going on. 
    


    Let me start by saying that you are using a very old version of EE, over 2 years old. An upgrade is urgently recommended. Even if this is a dedicated server, the host should still be able to tell us how the attacker gained access.
    


    While we work through this, please check through these files:
    


     - path.php
    
 - config.php
    
 - index.php
    


    Make sure that there is no unusual code such as iFrames or Javascript includes; if you do find such code, or just to be on the safe side, replace your files with a freshly downloaded set. 
    


    In closing, let me stress once more the importance of upgrading to a more recent version of EE. It’s urgently recommended from a security point of view.
    

    


    Those three files don’t see anything unusual at all and their permissions are set at 666.
    


    I will contact my web person concerning the upgrade.
    
									
    
								
    
								
								

								
    
									

									

									
								
    
							
    • 

	

	

	

	
							
  • 
								
    
									
    
										
											#4 /
										
										Aug 06, 2009 5:28pm
										
								
    
								
    
									


    
	
	
    Ingmar
    
	
		29245 posts
    
		
    
		
		
	    

    

									
    
										
    You should probably replace your EE files anyway, and an upgrade is definitely the cleanest solution. Have you contacted your host? Do they have anything to add at all?
    
									
    
								
    
								
								

								
    
									

									

									
								
    
							
    • 

	

						

					

					

						



					

				

			

		



	



				



	

		

			
			

				.(JavaScript must be enabled to view this email address)
			

		

		

			
ExpressionEngine News!

			
#eecms, #events, #releases

			

				

					
					
				

			

		

	






			


			



	

		

			
© Packet Tide, All Rights Reserved. Legal Notices

			

				

					
				

				

					
				

				

					
				

				

					
				

			

		

	






			
			
			

			


			
				





	
		
	
	

	

		

			











				
				

					

						

							
Username

						

						

							
						

					

					

						

							
Password

						

						

							
						

					

					

						

						

							Forgot password?
						

					

					

						
						
							
						
						
or Register