It shows you just how much I need this mod that even though a new version of sNews (1.6) has been out since May 16, 2007 it took me until two weeks ago to migrate from version 1.5.31 to sNews 1.6.0 - all because I had to have my mod even in the new version - and didn't have time to deal with porting it to the new version of sNews.

As I was called by raving fans from sNews community that I make this mod functional for sNews 1.6, I set out to do it. Thanks to that, this website is now on the latest sNews version and other sNews users can now follow the instructions on how to apply the Additional Article Position Options mod to their sNews 1.6 websites.

You have the option of simply taking an already modified clean snews.php file from here:

snews.php_add_article_position_mod_v16.tar.bz2 - 22,5KB

snews.php_add_article_position_mod_v16.zip - 25,3KB

(both files have identical content)

I apologize for the wait to everybody using this mod and it would be great to know how many sNews users depend on me to continue developing this mod or at least would like me to do that.

Yes, you can tell me by commenting on this article.

How can I not get mad? When I see a pornographic banner on top of my site. I AM mad. I am VERY mad but I'm going to focus my energy into getting even a more secure system, learning about and promoting security to others.
But here is the thing, I've already been quite security aware and my home system is quite secure, if I may say so - definitely more secure than most of them out there. But it seems it wasn't my system that was breached into - it was a vulnerability in the CMS I use, sNews.

I'm thankful to Luka and Mika, main developers of sNews CMS for supplying us all with a patch in less than 24 hours and everybody else who helped solving this. Bravo!

I was actually among the fortunate ones as my site didn't go down like it did to a friend of mine Patric for whom I feel very sorry. And everybody else who got somebody crack into their site - that's right, my site wasn't hacked into - as hacking is not all about breaking into other people's sites and posting inadequate content or doing any other harm. These are crackers who just know how to click "OK" and execute some exploit somebody else made. Ha! Hackers - you wish!

The first thing you should do now, after applying the patch from sNews forum , and which I recommend to everybody using the sNews CMS is to remove that little notion that says your site was barbecued by this CMS. It's the most obvious one and it won't solve your problem but that's probably the easiest way these crackers can find most of the sNews sites. Everything indicates that these crackers have used that to find sNews sites in this particular case: my logs say that the person who did this came from Google searching for this phrase and the exploit to which Luka at sNews Forum indicates looks like it's made to search for just that. I'll soon put a little picture there instead.

As far as I know for now, the cracker left one suspicious php file that my hosting says could be some kind of a shell script used to manipulate with my files but nothing like that happened because my server has phpsuexec option in PHP turned on, whatever that means.

Now I've got some questions that are bothering me:

• How did the cracker exactly gain control over my site?
• What exactly did the cracker gain control over? If it was just over my CMS, how did the cracker change my index.php file then?

So what I've done is I've implemented the mod into the fresh install of the latest sNews stable version (developers version 1.5.30) which you can download easily and use it as you please.

While I've done everything in my power to make this work, please don't hold me responsible if something doesn't work or if something brakes.
It is vital that you backup your snews.php file and your existing MySQL database , just to be safe and that you can switch back if you wish so later. (Just rename your existing snews.php file into something else and upload this modified one. And I've found some instructions for backing up your MySQL database for you if you've never done it before - it's a piece of cake, especially if you have PHPMyAdmin.)

I'd appreciate if you'd let me know if you find this mod useful.

snews.php_add_article_position_mod.tar.bz2 - 19,9KB

snews.php_add_article_position_mod.zip - 22,4KB

P.S. I haven't given up from writing the full explanation yet, it's just that this is immediate and the full explanation will have to wait a bit more...