Author Topic: website baker 2.6.4 hacked  (Read 1896 times)
Availor




« on: August 25, 2008, 07:06:06 AM »

I just came back from my trip to Greece and received a little "surprise"
http://www.asce.co.il/

I was using version 2.6.4 - I wonder how I can fix this and prevent it from happening again? I assume that the database was not hacked and I can still access the admin.

Any comments?
chio
WebsiteBaker Org e.V.



« Reply #1 on: August 25, 2008, 07:37:36 AM »

Quote
complex baker templates

Mostly there are no security holes in websitebaker, but in javascript and php-funnies someone put on his webspace. And there are security holes in older WYSIWYG-Editors.

*weg*
Availor




« Reply #2 on: August 25, 2008, 10:30:25 AM »

In my version of the site I used only tabs - made with Dreamweaver CS3 (I assume Adobe software does not have security holes). Other than the tabs there were no other javascripts. Moreover, it was only for the first page - other pages were simple css templates with no javascript so.... I guess it's websitebaker.... I am going to reinstall version 2.7 but I sure hope it will solve the problem
cnwb

« Reply #3 on: August 25, 2008, 03:27:05 PM »

It's a shame someone has to go to the expense of others to pull this kind of crap!

I see you were using 2.6.4; hope you had a backup of the site.

I would move up to the latest version 2.7

Anyone else having security issues using 2.7 or below?

centran



« Reply #4 on: August 26, 2008, 12:54:07 AM »

This could be WB's fault or not.

There are many vulnerabilities out there. For all you know they could have cracked cPanel... assuming you have your site hosted by someone else and they use cPanel.

It doesn't matter if that is not the case. My point is that there are many ways to hack a website that have nothing to do with WB. Seeing as how you said it was only for the first page then I am betting they got in through some other means. Heck, they could have gained FTP access to your server.

Normally with this type of hack, they only deface the main/first/home page. You need to figure out how they got in because they will just do it again. If you are using a host then contact them ASAP because they might be the only ones who can plug the hole.
kweitzel
Forum administrator
« Reply #5 on: August 26, 2008, 04:13:42 AM »

With every site reported here which seems to have been hacked via WB, it wasn't WB in the end. Please do check your server logs for this. You can find more information about the known security vulnerabilities here: http://www.websitebaker2.org/forum/index.php/board,30.0.html

As of this point we do not have known security vulnerabilities in 2.7

cheers

Klaus

WebsiteBaker Org e.V. - for WebsiteBaker

Availor




« Reply #6 on: August 27, 2008, 11:13:37 AM »

The file that got hacked was index.php - once I rewrote it all was restored. My server uses h-sphere and not cpanel and no one but me has access to FTP.

I will reinstall version 2.7 since I was planning to remove the site anyway but it still makes me wonder how they managed to manipulate the index.php file even though the permissions to modify it are not granted.

In any case, I hope this will not return in 2.7
kweitzel
Forum administrator
« Reply #7 on: August 27, 2008, 06:21:17 PM »

Can you please explain a bit more in depth how the hacker got into your system? Especially since you are so set on WB being the culprit.

Your changed index.php is in my opinion only the result of the hack and not the way the hacker got in.

cheers

Klaus

WebsiteBaker Org e.V. - for WebsiteBaker

Bramus
Forum Team
« Reply #8 on: August 28, 2008, 08:33:39 AM »

If someone does a web application hack, they will most likely get the Apache rights, and then they have the rights to modify. As said above, check your logs and try to see what happened. Also check the modify date of the index file so you can search a bit more easily in the logs.

BRAMUS Internet Services
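
Added example, not part of the original thread: one way to follow the advice above and use the modification time of index.php to narrow down the access log. It assumes Apache's "combined" log format; the log lines, IP addresses, paths and timestamp are constructed sample data, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Apache "combined" format: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def requests_near(log_lines, modified_at, window_minutes=10):
    """Return parsed requests logged in the window leading up to the file's mtime."""
    start = modified_at - timedelta(minutes=window_minutes)
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line, skip it
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if start <= ts <= modified_at:
            hits.append({**m.groupdict(), "ts": ts})
    return hits

def worth_a_look(hit):
    """A file write through the web server usually arrives as a POST or a PHP request with parameters."""
    return hit["method"] == "POST" or ".php?" in hit["path"]

# Constructed sample log (RFC 5737 documentation addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Aug/2008:03:01:02 +0000] "GET / HTTP/1.1" 200 4312 "-" "ExampleBrowser"',
    '198.51.100.7 - - [20/Aug/2008:03:13:55 +0000] "GET /index.php HTTP/1.1" 200 4312 "-" "ExampleAgent"',
    '198.51.100.7 - - [20/Aug/2008:03:14:28 +0000] "POST /modules/example/save.php HTTP/1.1" 200 512 "-" "ExampleAgent"',
    '192.0.2.10 - - [20/Aug/2008:03:14:29 +0000] "GET /media/logo.png HTTP/1.1" 200 900 "-" "ExampleBrowser"',
    '203.0.113.5 - - [20/Aug/2008:03:20:00 +0000] "GET / HTTP/1.1" 200 4312 "-" "ExampleBrowser"',
    'this line is not in combined format',
]
# Constructed mtime; on a real host read it with os.path.getmtime("index.php").
SAMPLE_MTIME = datetime(2008, 8, 20, 3, 14, 30, tzinfo=timezone.utc)

if __name__ == "__main__":
    for hit in requests_near(SAMPLE_LOG, SAMPLE_MTIME):
        flag = "CHECK" if worth_a_look(hit) else "     "
        print(flag, hit["ts"].isoformat(), hit["host"], hit["method"], hit["path"], hit["status"])
```

Record the modification time before restoring the file, since a rewritten index.php carries the time of the restore rather than of the defacement. If nothing in the web log lines up with that time, the FTP and control-panel logs are the next place to look.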