Suspicious code in CMSimple_SH index.php

Tata
Posts: 2870
Joined: Tue May 20, 2008 5:34 am
Location: Slovakia

Suspicious code in CMSimple_SH index.php

Post by Tata » Sun Mar 12, 2017 8:27 pm

Is this familiar to you?

<?php
/**
 * @version $Id: index.php 1173 2014-01-13 18:25:54Z cmb69 $
 */
/* utf8-marker = äöüß */
$qs = str_replace(array('%E4',    '%F6',    '%FC',    '%C4',    '%D6',    '%DC',    '%DF'),
                  array('%C3%A4', '%C3%B6', '%C3%BC', '%C3%84', '%C3%96', '%C3%9C', '%C3%9F'),
                  $_SERVER['QUERY_STRING']);
if ($qs != $_SERVER['QUERY_STRING']) {
    $loc = 'http'
        . (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ? 's' : '')
        . '://' . $_SERVER['SERVER_NAME']
        . ($_SERVER['SERVER_PORT'] < 1024 ? '' : ':' . $_SERVER['SERVER_PORT'])
        . preg_replace('/index.php$/', '', $_SERVER['SCRIPT_NAME']) . '?' . $qs;
    header("Location: $loc", true, 301);
    exit;
} else {
    unset($qs);
}
include('./cmsimple/cms.php');
?>
It seems to be similar to uri-char-old/uri-char-new. But where is it from?
CMSimple.sk
It's no shame to ask for an answer if all efforts failed.
But it's awful to ask without any effort to find the answer yourself.

cmb
Posts: 12893
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE

Re: Suspicious code in CMSimple_SH index.php

Post by cmb » Sun Mar 12, 2017 10:27 pm

Tata wrote: It seems to be similar to uri-char-old/uri-char-new. But where is it from?
I'm not sure – maybe somewhere from the forum. This code is supposed to fix incoming links for an old "ANSI" encoded CMSimple installation to UTF-8.
Christoph M. Becker – Plugins for CMSimple_XH, but not for CMSimple 4+

Tata
Posts: 2870
Joined: Tue May 20, 2008 5:34 am
Location: Slovakia

Re: Suspicious code in CMSimple_SH index.php

Post by Tata » Sun Mar 12, 2017 10:38 pm

But I haven't ever put this code into any file. Today I checked the subdomains and found a new size for the main index files, and found this code inserted in two of them.
CMSimple.sk
It's no shame to ask for an answer if all efforts failed.
But it's awful to ask without any effort to find the answer yourself.

lck
Posts: 1364
Joined: Wed Mar 23, 2011 11:43 am

Re: Suspicious code in CMSimple_SH index.php

Post by lck » Mon Mar 13, 2017 8:21 pm

cmb wrote: I'm not sure – maybe somewhere from the forum.
Seems to be from here.
"Before you shoot the arrow of truth, dip its tip in honey!"   👉 Ludwig's XH-Templates for MultiPage & OnePage

Tata
Posts: 2870
Joined: Tue May 20, 2008 5:34 am
Location: Slovakia

Re: Suspicious code in CMSimple_SH index.php

Post by Tata » Mon Mar 13, 2017 8:36 pm

Well, I have understood that the code doesn't harm anything. But anyway, I can't understand how it has appeared in only these two specific files. There are about twenty other installations in my subdomains.
CMSimple.sk
It's no shame to ask for an answer if all efforts failed.
But it's awful to ask without any effort to find the answer yourself.
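
The check described in the posts above (comparing the main index files across subdomains and finding two that differ), as an added example that is not part of the original thread or of CMSimple. It assumes every installation is a subdirectory of one root and that the most common version of index.php is the unmodified one; the directory names and file contents in `demo()` are constructed.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def find_outliers(root, filename="index.php"):
    """Group <root>/<install>/<filename> by SHA-256 of its content.

    Returns (baseline_digest, outliers); outliers is a sorted list of
    (install_name, digest, size_in_bytes) for every copy that differs
    from the most common version.
    """
    groups = defaultdict(list)
    for entry in sorted(os.listdir(root)):
        path = os.path.join(root, entry, filename)
        if not os.path.isfile(path):
            continue  # not an installation, or index file missing
        with open(path, "rb") as fh:
            data = fh.read()
        digest = hashlib.sha256(data).hexdigest()
        groups[digest].append((entry, digest, len(data)))
    if not groups:
        return None, []
    # Assumption: the majority content is the known-good baseline.
    baseline = max(groups, key=lambda d: len(groups[d]))
    outliers = [item for d, items in groups.items()
                if d != baseline for item in items]
    return baseline, sorted(outliers)


def demo():
    """Constructed tree: five installs, two with an altered index.php."""
    stock = b"<?php\ninclude('./cmsimple/cms.php');\n?>\n"
    altered = b"<?php\n/* extra block */\ninclude('./cmsimple/cms.php');\n?>\n"
    with tempfile.TemporaryDirectory() as root:
        for i in range(1, 6):
            os.makedirs(os.path.join(root, f"sub{i}"))
            body = altered if i in (2, 4) else stock
            with open(os.path.join(root, f"sub{i}", "index.php"), "wb") as fh:
                fh.write(body)
        return find_outliers(root)


if __name__ == "__main__":
    baseline, outliers = demo()
    print("baseline sha256:", baseline)
    for name, digest, size in outliers:
        print(f"DIFFERS  {name}  {size} bytes  sha256={digest}")
```

Installations running different releases will also show up as outliers, so a flagged file should be compared against the index.php from the release archive of that installation's version before drawing conclusions.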

cmb
Posts: 12893
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE

Re: Suspicious code in CMSimple_SH index.php

Post by cmb » Mon Mar 13, 2017 10:02 pm

lck wrote:
cmb wrote: I'm not sure – maybe somewhere from the forum.
Seems to be from here.
Indeed! Thanks for looking that up. :)
Tata wrote: But anyway, I can't understand how it has appeared in only these two specific files.
I wouldn't mind. Just delete the code if it is unnecessary. :)
Christoph M. Becker – Plugins for CMSimple_XH, but not for CMSimple 4+

Tata
Posts: 2870
Joined: Tue May 20, 2008 5:34 am
Location: Slovakia

Re: Suspicious code in CMSimple_SH index.php

Post by Tata » Mon Mar 13, 2017 10:42 pm

That's what I did.
CMSimple.sk
It's no shame to ask for an answer if all efforts failed.
But it's awful to ask without any effort to find the answer yourself.

Tata
Posts: 2870
Joined: Tue May 20, 2008 5:34 am
Location: Slovakia

Re: Suspicious code in CMSimple_SH index.php

Post by Tata » Mon Mar 13, 2017 10:43 pm

Maybe this made the problem with broken URLs?
CMSimple.sk
It's no shame to ask for an answer if all efforts failed.
But it's awful to ask without any effort to find the answer yourself.
