...to inject bad SEO and links into Google. And, possibly collect info on my visitors?
Not entirely sure how it got in...the timestamp of the affected files is Apr 1, 2012. But, that was also the date that I upgraded to version 4.1.3, previous version was 4.1.2 done on January 16th....before that I was on 3.3.3 (Feb 14, 2010).
I do weekly backups of my site, so I narrowed down the alteration to having taken place between May 21st and May 28th.....though it wasn't easy...since I expire stored backups after 6 months....though fortunately I still had backups of my backups, so I could go back to before April 1st...and see that the file did change between March 26th and April 2nd, but php code wasn't prepended until later.
Perhaps I need to keep up on updates closer...
In the 4.1.0 line, the release dates were:
2011-09-08 - 4.1.0
2011-10-03 - 4.1.1-beta
2011-11-02 - 4.1.2
2012-03-02 - 4.1.3
2012-04-03 - 4.1.4
2012-07-24 - 4.1.5b
2012-11-23 - 4.1.6
Currently anything less than 4.1.6 isn't recommended. I see that 4.1.4 contained fixes against SQL and JS injection. Hmmm....
Wonder if I need to do some kind of change detection to my backup process....
Its hard to upgrade when there aren't diff bundles (which is why I stayed at 3.3.3 for so long), though I'm getting better at keeping my customizations out of the core (or fixing bugs on my own...) Plus discovering Meld has helped as well. Was interesting that one time, it showed diffs between releases, but no diff between latest release and my version. The bug I fixed got fixed the same way.... Though I think I have Meld ignoring differences in end of line and white space.... since the distribution files are CRLF, and I'm on Linux/FreeBSD...and the files are apparently such that vim can't figure out if its DOS and hide the ^M's or not.
Hopefully the upgrade to 5.0 will be simple...
In the history of my site...I was on 0.9.2 on June 7th, 2006 (released May 22)....from 0.9.0.12 on July 23rd, 2005 (released May 6). And, then finally upgrading to 2.4.1 on April 27, 2008 (released Mar 16), though prompted in part because I switched hosting providers....worked up to 2.4.7 on September 6, 2009 (released May 27)....and then to 3.3.1 on September 8, 2009 (released August 8). I did the upgrades to 3.3.2 and 3.3.3 on February 14, 2010 (3.3.2 was released Nov 9, 2009 and 3.3.3 was released Dec 15, 2009).
Guess it was good that I have my sites with Google's Webmaster tools...so that it could send me a "Notice of Suspected Hacking on ..." and stopped crawling my site until I address the problem.
And, looks like only my sites that are b2evolution were affected, my other sites are also 4.1.3 and hadn't been upgraded since.... Though its strange, since those sites were setup with fewer customizations with the intent that upgrading them would be easier. But, I had been thinking of shutting down the sites....
Pages: 1· 2