Same happend to me yesterday, i got a mail saying :
Martin K: Malware uploaded through weakness in outdated PHP-fusion script.
Martin K: You must:
Delete files uploaded by hacker
Change MySQL password
Remove weak script or fix weaknesses
Files uploaded by hacker:
Please note that this list may not be complete.
Please check all your files to make sure the malicious files are all removed.
From the logs you sent your site was "hacked" using a a custom page. Which could mean that you gave someone this right to make a custom page or an account was "hacked" and a custom page made to upload files and / or any other attack.
» Attach Log Files and Screenshots when reporting issues
» My support days are usually Mon-Thurs. Send me a PM if urgent.
In my opinion its a shell attack. Someone most likely uploaded a shell from another domain on the same server as your website. Upon initiating the shell commands, they're able to upload / make changes throughout the entire server.
Doesn't matter if your protected or not with PHP-Fusion.
I would take this issue up with your hosting provider and demand actions be taken.
In fact the attack method takes place way before PHP-Fusion was even drafted for development.
I remember it being used against me in my PHP-Nuke days. Quite simple process really..
I'm actually working on a security system for PHP-Fusion just now. I will not say it will STOP Hacking completely and I will not say it will stop these things from happening but it will help as another defence shield and certainly put them off trying since it's a waste of time they keep getting booted to google instead. Anyway More on that at another time. ;)
Helping, would be pointing you in the right direction, not doing it all for you.
Do you guys know if exec or shell_exec functions are enabled on your servers? I know it could be a breach if your site is on a shared server but just wondering if its people running insecure applications on their site....
You can view all discussion threads in this forum. You cannot set up a bounty in this discussion thread. You can start a new discussion thread in this forum. You cannot reply in this discussion thread. You cannot start on a poll in this forum. You cannot upload attachments in this forum. You can download attachments in this forum. You cannot up or down-vote on the post in this discussion thread.