Topic: Possible Security-Breach?
I have already solved that problem, see next post
I am using CuteNews on my website and was currently informed by Stratos SiteGuard that someone ran a script on my server, in which I only include the "show_news.php" of CuteNews. Literally, the file only consists of (old) HTML-Code and the includes. The hacker seemed to perform some "create" and "rename-to" - "rename-from"-Actions, starting from an unknown file called "online.php-someNumbers.bak". However, the breach doesn't seem to permit him to many permissions as he firstly creates such ".bak"-files an then rename them. Further, those files include code which I interpret as some Brute-Force-Attack:
For instance, there is a file called "users.txt" which consists mysterious code and some random letters (probably encrypted code), but also a "conf.php" with a huge list which is built of the same principle. Moreover, I can see the folders called "users", "news" and "btree", all including those mysterious files and lines of code. Interestingly, the required folder "CDATA" is the only affected folder, as far as I have checked the server.
Thanks and see you soon