Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We're retiring the forums!

The SilverStripe forums have passed their heyday. They'll stick around, but will be read only. We'd encourage you to get involved in the community via the following channels instead:

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

SPAM - Injected everwhere!

Go to End

5 Posts   1107 Views


Community Member, 13 Posts

23 September 2009 at 2:13am

Edited: 23/09/2009 2:14am

Hi guys. I am having a serious issue with spam and I'm not sure where it is coming from. Spam links are being injected into all pages on page load before the <doctype>, and in the CMS backend on every 'publish' spam being crammed into every space it can fill causing all sorts of errors. I fixed this a couple days ago by deleting the Sapphire directory and replacing it with a fresh version, but the problem is already back. I sent a security message off to the SS team a few days ago.

Anyone know what's causing this? My client is going crazy - and rightly so. I've checked all file and directory permissions and everything looks good there. If replacing the sapphire directory fixes it then I guess the problem lies there. Any specific ideas of what to look at?


Community Member, 283 Posts

23 September 2009 at 2:47am

Sounds like your host been compromised or you've installed some rogue module. Are you sure it is happening in the Silverstripe CRUD operations and not some kind of cross loaded JS? Can you share the client site so we can see exactly what kind of 'spam' is happening here?


Community Member, 13 Posts

23 September 2009 at 7:18am

The first time it happened it manifested itself like this:

Call from client saying they can't 'Publish' any changes to pages.

I log in, hit publish on a page, and get the 'Javascript Parse Error'

I check firebug and see that all the form data is being submitted, but at the bottom of the submission is a giant mass of spam.

I replaced the sapphire directory and the problem was temporarily solved.

This time it happened like this:

Call from client saying they can't log into the CMS backend.

I check and indeed I can't. I view the source code and see a giant pile of spam at the very top of the document.

I browsed around the site and saw that this spam was being put on the top of every single page.

I replaced the sapphire directory and the problem has been temporarily solved.


We are running the DataObject_Manager module by UncleCheese, as well as the Calendar_Event module, the Has-Many File Manager, the User Forms module, and the Slide Show Gallery module (not officially released) by UncleCheese.

All of these modules have been edited and customized by me, some more than others, but strictly the PHP.

Has anyone seen this problem like I describe? Most of what I see when searching the forums for 'Spam' is the standard issues about captchas, etc. I'm going to compare my bad Sapphire directory side by side to a good one and try to find any file differences (that I didn't make myself).

I unfortunately can't share the client site. :(

Thanks all!


Community Member, 283 Posts

23 September 2009 at 7:56am

Hmm, offhand all I can think of is that someone has added a auto_append_file in the php.ini (or perhaps is setting something in an auto_prepend_file). If you're seeing this in every PHP processed request check the value of those with ini_get.

However I don't think this is a common issue among SS'ers. Do let us know what you find.


Community Member, 545 Posts

28 September 2009 at 5:40am

I had this happen on one of my sites. My sys admins system was compromised by a Flash/PDF exploit, The exploit would take his FTP passwords and use them to modify web docments. On my SS sites it added the code to main.php. Try changing your FTP passwords and run a virus scan on your system and your clients.