Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Please Help SOMEBODY HAS STOLE MY SITE


Sweet16s

Recommended Posts

Posted

Hi there,

 

I think somebody has stole my page, can somebody please help, what do I do about it.

 

heres my site: www.sweet16ssexshop.co.uk

 

Please note this is an adult toys shop

 

it was fine yesterday now it comes up with as stated below when you click the logo to enter my store.

 

F3PN Gr0up Ownz Here

We're: OntCx and h4sh

 

[email protected]

 

please help I have worked on my site for 5 months and im loosing business

 

please any help appreciated on how to get it back

 

many thanks in advance

Posted

Hi,

 

I am quite a newbie here, but can't you just reload your files from your local PC.

 

I presume you have a backup on a local PC?

 

Sorry if this sounds basic.

 

Jeff

Posted
Hi,

 

I am quite a newbie here, but can't you just reload your files from your local PC.

 

I presume you have a backup on a local PC?

 

Sorry if this sounds basic.

 

Jeff

hi there,

 

thanks for the advice but I have tried that and im getting no where!!!!

 

I think they have done something to my domain

 

kind regards

clive

Posted

You've been hacked. ms2 doesn't have any glaringly obvious hacker backdoors like older versions of Oscommerce did.

 

The hackers have probably gotten into the Server and run a script to replace all the inex.php pages with their own.

 

The Server therefore is very likely to be compromised. You should contact the Host of your site. Here is another site on the same server: http://www.mudserve.net which shows the same page.

 

Short term , you should just replace the file index.php with a backup of your own. But this will keep happening again and again until the host locks down the server, and makes sure there is no rootkit on it. And obviously he'll need to close the backdoor that is giving the hackers entry!

Posted

I recall reading about this group a while back. F3PN is based in Brazil and specifically targets Linux systems using root exploits. They don't seem to hack for any reason other than that they can. You can find them on IRC on tornado.phey.net #f3pn

Posted

This happened to a friend of mine. He had a site hosted on his server that allowed users to upload files - someone uploaded a .jpg file that was not an image but rather a script. This file allowed a hacker to access his server over SSH as root and cause all kinds of damage. Apparently this vulnerability was present in Linux kernel 2.422 or somewhere around there - upgrading to the latest kernel patched it.

Chris Dunning

osCommerce, Contributions Moderator Team

 

Please do not send me PM! I do not read or answer these often. Use the email button instead!

 

I do NOT support contributions other than my own. Emails asking for support on other people's contributions will be ignored. Ask in the forum or contact the contribution author directly.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...