MayorSadra
Posted May 6, 2005

Hi,

I'm the webmaster of Goallover.co.uk which is a DVD Media online store. We've been hacked through the admin part of the store (which is by osCommerce).

As you may see, some foolish Hacker changed our pages: http://www.goallover.co.uk/shop/catalog/index.php?cPath=58

The control panel for the store still shows as if the catalog is alright, and according to our hosting company, the problem lies with the Catalog part of the store.

I couldn't find any technical support phone number, and I would highly appreciate any help.

Regards,
Mayor Sadra
Goallover
Simplyeasier
Posted May 6, 2005

> Hi,
>
> I'm the webmaster of Goallover.co.uk which is a DVD Media online store. We've been hacked through the admin part of the store (which is by osCommerce).
>
> As you may see, some foolish Hacker changed our pages: http://www.goallover.co.uk/shop/catalog/index.php?cPath=58
>
> The control panel for the store still shows as if the catalog is alright, and according to our hosting company, the problem lies with the Catalog part of the store.
>
> I couldn't find any technical support phone number, and I would highly appreciate any help.
>
> Regards,
> Mayor Sadra
> Goallover

When you set up your store you DID not user/pwd protect admin (ask me how I know in a PM) - THIS IS THE PROBLEM - some idiot has found out your admin is not secure (they must have a lot of time on their hands), gone into admin and changed things.

YOU MUST PROTECT ADMIN

Charles

A kite flies highest AGAINST the wind!

"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, a lover in one hand, martini in the other, body thoroughly used up, totally worn out and screaming ~ WOO HOO!! What a ride!"
♥Vger
Posted May 6, 2005

What's the first piece of advice you see on the default osCommerce homepage? Rename 'admin' and password protect it.

It's sad that it happened - but if these a***h***s didn't do it then some others would have.

Vger
dave111
Posted May 6, 2005

Looks to me like all they did was overwrite the index.php... All the other pages in your store are still working. Just re-upload index.php and you should be fine.
MayorSadra
Posted May 6, 2005

Hi People, thanks for the replies...

Unfortunately I'm the new guy in the company... and the fact that there was no password was a mistake made by the old guy...

Is there a way to restore the index.php from the admin if there wasn't any backup up to the point of hacking?

Also - I couldn't find where to add a user name / password... it did seem strange that I can just hit a link and enter the admin GUI.

Thanks,
Mayor
barefoot_boo
Posted May 6, 2005

Your Admin area is still not secure. You really do need to fix this asap (rename the 'admin' directory to something obscure and then password protect it).
Guest
Posted May 6, 2005

If the store hasn't been modified or contributions installed that would affect the index.php, you could download the ms2 files from oscommerce here and just re-upload the index.php file for admin.

But you really need to protect the admin at the very least. Here is a tool that will help you if you need it: htaccess Password generator

Just follow the directions on the page.

HTH

Mike
Guest
Posted May 6, 2005

Also, your database user and pass have been compromised because of the file manager, better change that also.
Guest
Posted May 6, 2005

Good call tjreynolds. :thumbsup:

Mike
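The replies above all give the same fix: rename 'admin' and password protect it with .htaccess. The script below is an added example, not part of the original thread or of osCommerce, that audits a directory for that protection. It assumes Apache with .htaccess overrides enabled and an absolute AuthUserFile path; the directory name `mgmt-x7`, the user `storeadmin` and all paths are constructed.

```shell
#!/bin/sh
# Audit whether an admin directory is covered by HTTP authentication.
# Returns 0 when protected, 1 otherwise; findings are written to stdout.
check_admin_protection() {
    admin_dir=$1; docroot=$2; ht="$admin_dir/.htaccess"; rc=0
    # Renaming is only obscurity, so the default name is a warning, not a failure.
    [ "$(basename "$admin_dir")" = "admin" ] && echo "WARN: directory still has the default name 'admin'"
    if [ ! -f "$ht" ]; then
        echo "FAIL: no .htaccess in $admin_dir"; return 1
    fi
    grep -Eiq '^[[:space:]]*AuthType[[:space:]]+(Basic|Digest)' "$ht" \
        || { echo "FAIL: no AuthType directive"; rc=1; }
    grep -Eiq '^[[:space:]]*Require[[:space:]]+(valid-user|user[[:space:]])' "$ht" \
        || { echo "FAIL: no Require directive"; rc=1; }
    # Extract the password file path (surrounding quotes stripped).
    pwfile=$(sed -n 's/^[[:space:]]*[Aa]uth[Uu]ser[Ff]ile[[:space:]]*//p' "$ht" | tr -d '"' | head -n 1)
    if [ -z "$pwfile" ]; then
        echo "FAIL: no AuthUserFile directive"; rc=1
    elif [ ! -s "$pwfile" ]; then
        echo "FAIL: password file $pwfile missing or empty"; rc=1
    else
        # A password file under the document root can be fetched over HTTP.
        case "$pwfile" in
            "$docroot"/*) echo "FAIL: password file is inside the document root"; rc=1 ;;
        esac
    fi
    [ "$rc" -eq 0 ] && echo "OK: $admin_dir requires authentication"
    return "$rc"
}

# Constructed demo tree: an unprotected 'admin' and a renamed, protected directory.
demo=$(mktemp -d)
mkdir -p "$demo/htdocs/catalog/admin" "$demo/htdocs/catalog/mgmt-x7" "$demo/private"
echo 'storeadmin:PLACEHOLDER_HASH' > "$demo/private/.htpasswd"
cat > "$demo/htdocs/catalog/mgmt-x7/.htaccess" <<EOF
AuthType Basic
AuthName "Restricted"
AuthUserFile $demo/private/.htpasswd
Require valid-user
EOF
check_admin_protection "$demo/htdocs/catalog/admin" "$demo/htdocs" || true
check_admin_protection "$demo/htdocs/catalog/mgmt-x7" "$demo/htdocs" || true
```

The `PLACEHOLDER_HASH` entry only stands in for a real password file line, which would be produced by Apache's `htpasswd` utility or a generator like the one Mike mentions.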
Archived
This topic is now archived and is closed to further replies.