Those lines of code are just base64-encrypted Code and the reported file is just a logfile of users who visited the website. Hence, the "hacker" is actually the system itself ..and those "Brute-Force-Attack" is only a file consisting the registered users.. The SiteGuard reported some false-positives and I shit myself for no reason I guess

I have already solved that problem, see next post

Hi there,

I am using CuteNews on my website and was currently informed by Stratos SiteGuard that someone ran a script on my server, in which I only include the "show_news.php" of CuteNews. Literally, the file only consists of (old) HTML-Code and the includes. The hacker seemed to perform some "create" and "rename-to" - "rename-from"-Actions, starting from an unknown file called "online.php-someNumbers.bak". However, the breach doesn't seem to permit him to many permissions as he firstly creates such ".bak"-files an then rename them. Further, those files include code which I interpret as some Brute-Force-Attack:

For instance, there is a file called "users.txt" which consists mysterious code and some random letters (probably encrypted code), but also a "conf.php" with a huge list which is built of the same principle. Moreover, I can see the folders called "users", "news" and "btree", all including those mysterious files and lines of code. Interestingly, the required folder "CDATA" is the only affected folder, as far as I have checked the server.

Thanks and see you soon


Additional fields-> Form:

Field Type: Image/Resource
Name: Thumbnail01

->Add/Replace field

Write into your template:
Into 'Active News'


->'Save template'

-> Add news

Thumbnail01 Form: Select your image

Post the news.

Greetings John

Thanks John, that worked for me as well. A little hint that may save some minutes of try'n'error: As shown above use {name}, for instance {price}, for every single additional field. Also, if you use those [if]-queries, remember to end the line for every query, otherwise it will result in errors.

Thanks again and see you soon

PS: John, I hope you received my pm, it didn't show up in the sent folder...

No @ admin panel -> templates

Should do the same, actually. Found my code in the template, however, it didn't work either way. Any more ideas?

Thanks for your help though :-)!

EDIT: By the way, do I need to add that codesnippet (with its unique name) for every additional field I created?

Hello Ne0,

to display the additional field you must set it in your template:



[if {additionalField_name}] * {additionalField_name}


Hello Perry and thanks for your quick reply. However, I couldn't make it work. Do I need to replace the "name" with the name I set in the backend for the additional fields? I tried both versions as well as the "replacement version", none worked. I added your line in /skins/base/defaults/templates.tpl in the "*active"-section. What did I miss?

Good night

Hey everyone,

first of all, I'm from Germany and I might fail to describe the issue and express myself correctly due to the foreign language. However, I deeply hope that you'll get anything straight away.

Also, I explored CuteNews for the first time and sucessfully made it work until I stuck at the additional fields, more precisely on it's display. I figured out how to create fields, but failed when I tried to show those fields on the frontend.

Is there anything further I need to include or any variables I need to set when I include the "show_news.php"?

For instance, I created two checkboxes and a price field, so how do I display them in the news?

Thanks for any help and instructions and see you soon