Site Compromised

[andyw59]

Hi All

I was running a site using WebsiteBaker 2.6.5 - only additional module installed was Gallery - no login allowed only search.

I received an email from Google saying "Dear site owner or webmaster of yvonneward.co.uk,
 
We recently discovered that some of your pages can cause users to be
infected with malicious software. We have begun showing a warning page
to users who visit these pages by clicking a search result on Google.com.
Below are some example URLs on your site which can cause users to be
infected (space inserted to prevent accidental clicking in case your
mail client auto-links URLs):"

I downloaded index.php from the root directory and discovered it was infected with JS/Psyme, which apparently is a downloader or trojan.

Is this a problem with my ISP or with website baker.

I have now upgraded to 2.6.7 in the hope that this will stop it happening again.

Thanks
Andy

[doc]

Hello,

if you have not installed any other WYSWYG editor (e.g. FCKEditor < 2.75), the hack is most likely related to server configuration, not to WB. There is no known vulnerability except some older WYSIWYG editors for WB 2.6.5 or higher.

Regards Christian

[ruebenwurzel]

Hello,

in addition to christian you can prevent changes on index.php or on config.php by setting chmod to 444.

Matthias