Hacked

who ever did this only got this site http://msgcpagan.com/Fusion1/php-files/news.php

and I just did a backup of my other site, It's a good thing I was going to close this one down any way so it's really not a problem, but something needs to be done about this, what about the people who care if this happens to their sites?

emberrains

Oh sure, we'll fix it, just give us 5 minutes. (sarcasm). Seriously, the very latest release of fusion is very secure. Stay up to date, maintain regular backups and be careful with 3rd party mods and infusions. I plan to start educating developers about security. don't presume we don't care about security, we take it VERY seriously.

Look at the infusions you might be using. Some are insecure. (that seems to be the biggest problem with hacking attacks lately)

I had the calender on that site, I'll make sure to remove the one on my other site, we don't use it anyway. thanks for the info.

ember

Yes, the calender Infusion is insecure, and probably the way the hacker got in to your site.

I had the same calendar on my site, anybody from this site suggest me the other one... maybe even better. Try it, if you want.

EDIT: What´s happened? I can´t add attachment... so just filename... aw_ecal_panel-0.5.7.zip

Instead of coming here and saying "What happened?! My site got H4X0r3d!!!!", why don't some of you check your server logs to see what happened? It isn't the fault of php-fusion's developers that your site got messed up, so don't lay it at their feet. The calendar mod was missing a few input checks, and that's where the vulnerability came in, but if any of you had bothered to check your access logs, you would have known that 5 minutes after the attack happened.