cmsmadesimple.org defacement
Sep 18, 2007 by Tatu Wikman
The fastest of you noticed the defacement of the cmsmadesimple.org site several days ago. The site had been defaced by a script kiddie. The actual script that had been used was r57shell (google). It's a little tool one can use to upload / download and query stuff from the server.
The script had been there for a while and gone unnoticed, as it wasn't used for anything other than removing the log entries from that time :/
One thing is certain: the hole they have used is old. It looks like the FCKEditorX filemanager hole was used, but we can't be sure.
We have checked that the release files are intact, and as far as we know no data has been compromised.
We are still trying to dig up more info about this incident, and are in the process of securing the server up a notch.
Sorry about the problems.
© Copyright 2007 by CMSMS™ and the posts author(s). All rights reserved.
4 Responses to "cmsmadesimple.org defacement"
On: Sep 19, 2007, Daniel15 said:
Perhaps you should disable commands like exec, shell_exec, system, etc. on the server? This would make problems like this non-existent.
On: Sep 20, 2007, tsw said:
Easier said than done, we have lots of custom built scripts (translation center for example) that need to be able to interact with svn.
http://www.outpostministries.org
On: Sep 21, 2007, Ross Olson said:
http://wiki.cmsmadesimple.org/index.php/Main_Page shows up as dark print on a dark background and cannot be read on my computer. Is that still part of the defacement or is there something I have to do to be able to see it properly?
Thanks
On: Sep 23, 2007, tsw said:
Wiki looks correct to me.





