global.php edited by a hacker, xml and HTMl files added
 

<div>I was recently hacked. I have the original vB code in a SVN repository so I can quickly see what happened. Here is the outcome:

./global.php

1 line of code added at line 21:

Quote:
require_once(CWD . '/includes/xml/cp.xml');

The above XML file was added to the server (attached). As well as a HTML file in the same directory. This is the third time the hack has happened, first time was running 3.7.0, I then upgraded to 3.8.5 and turned off all products (although my products were only template edits).

Has anyone else seen this? Rackspace (my hosting company) assures me the server has not been compromised.

Here is a sample of the HTML file:

Code:




Don't Wait! Order Viagra And Cialis For The Best Prices Now!










http://family-pharmacy.net/themes/bl.../home_over.gif
http://family-pharmacy.net/themes/bl...llers_over.gif
http://family-pharmacy.net/themes/bl...ducts_over.gif
http://family-pharmacy.net/themes/blue/img/faq_over.gif
http://family-pharmacy.net/themes/bl...tacts_over.gif
http://family-pharmacy.net/themes/bl..._menu_li_1.gif
http://family-pharmacy.net/themes/bl...i_1_active.gif
http://family-pharmacy.net/themes/bl...li_1_hover.gif
http://family-pharmacy.net/themes/bl...nu_li_star.gif

Attached Files

• http://vb.ma7room.com/xml.gif cp.xml&lrm; (3.5 KB)