I've been hacked!


Guest


Posted

Hi there all, if you take a look at my site you will see that I have been hacked. The admin area is protected by password.

All products have been deleted and they have also changed the email address for contacts. Just seeing if anything else has been altered.

Please, I am looking for any advice available on how to prevent this again.

It should all be backed up (I hope), though I am just waiting for the guy who does a lot of work on it to confirm this, so may need more help.

AGHHHH!!!

Pete

Posted

Geez, that sucks. I feel for you. When you get it back up aside from password protection you need to rename your admin folder (to a secret name) and update your configure files accordingly.

Posted

They may have never had access to your admin area...

It's possible that they just accessed your database directly and removed/changed data.

I'd change your database username/password, just to be on the safe side. (You'll need to update this info in your includes/configure.php.)

Posted

wow that really sucks :( how does one avoid this, and unless they are his server admin - how could they access the database directly?

Posted

good question. I know you can load phpmyadmin and access a database but I always thought it had to be under the domain.

Posted

if they have your database password they would just need to run SQL statements remotely

Posted

how could somebody get your database password, aside from actually giving it to them?

Posted

To my knowledge there is no way anybody could have had access to any of the passwords. I can see the point about renaming admin, but as for db passwords there are only 2 of us that know them.

I hope that this serves as a warning to all of you, as if this thread saves one of you it would be worthwhile.

Posted

it would be more helpful if we knew how they got in ;)

Posted

Sorry to hear that happened to you foinavon..

 

I hope that this serves as a warning to all of you, as if this thread saves one of you it would be worthwhile.

But I don't see how this topic can save us - if we have no clue how your site was hacked - how can we protect us more then?

 

Hope you'll be able to find out how they did so you can secure your shop more and tell us about that. That would help imho.

 

 

Kind Regards,

Tom

Even in this dark place, yes, I am afraid of my own shadow.

 

 

 


Posted

darklings.. all I meant was that if ppl rename the /admin file to be a bit more secure.

Do you have any idea of how we can try and work out how it was hacked?

I have deleted the "hacked by bramvnr" tags as it didn't look too good!!

Pete

Posted

hi foinavan,

 

Do you have any idea of how we can try and work out how it was hacked?

No, actually I don't, I'm a n00b in such things. But am just curious how I best protect my site - cause I wouldn't like a hack like that!

But what just happened to you? Your pictures got changed by a hacker? Or did all your products just get deleted? That's all? Or did your privacy text - shipping etc. get deleted too? Looked like your picture at your index page was untouched?

 

one more question - do you have the filemanager still in your admin? Might be a wise move to delete that one too.. not only a link to it but delete the page from your website....

 

Kind regards,

Tom


Posted

If you have been hacked then you need to speak with your webhost.

 

You need to analyse the server logs to find out what happened.

 

How is your projects page built? Are the pages loaded from the database or are they included files?

Posted

Brian is right. The only person/people that can help you out is your hosting provider, as they have the only means to inspect your webserver access and error logs.

 

Inspecting the logs can then show how access was gained, if it was done through osCommerce, an osCommerce contribution, or through another solution you have installed on your server.

 

Removing features from the administration tool (ie, file manager) doesn't make sense. If entry is gained to the administration tool, then removing the file manager is not going to prevent them from deleting the data elsewhere (customers, orders, products, ...).

 

Please keep us informed of your findings!

:heart:, osCommerce
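
A sketch of the log inspection the two posts above describe, added here as an example and not part of the original thread or of osCommerce. It assumes a combined-format access log, that the admin directory is protected by the web server's HTTP authentication (so the user field is filled in for legitimate admin requests), and a `/catalog/admin/` location; the log lines and `example_page.php` are constructed.

```python
import re
from collections import Counter

# Combined log format: host ident user [time] "METHOD path proto" status size ...
LINE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, placeholder script name).
SAMPLE_LOG = '''\
198.51.100.4 - pete [12/Mar/2005:09:01:44 +0000] "GET /catalog/admin/ HTTP/1.1" 200 4312
203.0.113.7 - - [12/Mar/2005:02:14:07 +0000] "GET /catalog/index.php HTTP/1.1" 200 5120
203.0.113.7 - - [12/Mar/2005:02:15:02 +0000] "GET /catalog/admin/ HTTP/1.1" 401 381
203.0.113.7 - - [12/Mar/2005:02:15:31 +0000] "POST /catalog/admin/example_page.php?action=delete HTTP/1.1" 302 0
203.0.113.7 - - [12/Mar/2005:02:16:10 +0000] "POST /catalog/up.php HTTP/1.1" 200 97
this line is truncated garbage
'''

def triage(log_text, admin_prefix="/catalog/admin/"):
    """Return (admin hits served without HTTP auth, POST targets, unparsed line count)."""
    unauth_admin, post_targets, unparsed = [], Counter(), 0
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            unparsed += 1      # count these: gaps in a log are worth asking the host about
            continue
        path = m["path"].split("?", 1)[0]
        if int(m["status"]) >= 400:
            continue           # the server refused these, so they changed nothing
        # Admin page served although no authenticated user was logged.
        if path.startswith(admin_prefix) and m["user"] == "-":
            unauth_admin.append((m["host"], m["method"], path))
        # Which scripts accepted writes: core shop, a contribution, or something else.
        if m["method"] == "POST":
            post_targets[path] += 1
    return unauth_admin, post_targets, unparsed

if __name__ == "__main__":
    hits, posts, bad = triage(SAMPLE_LOG)
    for host, method, path in hits:
        print("admin request without auth:", host, method, path)
    for path, count in posts.most_common():
        print("POST accepted:", count, path)
    print("unparsed lines:", bad)
```

If the admin area uses an application login instead of HTTP authentication, the user field is always `-` and the first check does not apply.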

Posted
Brian is right. The only person/people that can help you out is your hosting provider, as they have the only means to inspect your webserver access and error logs.

 

Inspecting the logs can then show how access was gained, if it was done through osCommerce, an osCommerce contribution, or through another solution you have installed on your server.

 

Removing features from the administration tool (ie, file manager) doesn't make sense. If entry is gained to the administration tool, then removing the file manager is not going to prevent them from deleting the data elsewhere (customers, orders, products, ...).

 

Please keep us informed of your findings!

 

Perhaps this is just a DB recovery mixup at your host?

 

I mean, if anybody with bad intentions had gained access to your database, they could have made things much worse for you than they have done.

Treasurer MFC

Posted

Just wanted to say, sorry. Also, FYI I got a redirect when I clicked on your link.

Posted

Hi Pete,

 

You may want to run sweepers on your personal pc or whichever one you access the store's backend from, since a common way hackers will get your password is by watching you type it. It is sometimes possible to "spy" from their computer remotely depending on any number of scenarios. This is especially true if you have been downloading anything from a questionable source lately. Just a thought.

 

Hope things get better for you,

Thalia

Posted

thanks for the support.

 

Spoke to the hosting provider this am, they were substantially less than helpful to say the least. I have emailed the support side of them as advised but no feedback as yet.

All products were deleted, though yes it could have been much much worse, which makes me think that it was not through admin.

The "you are being watched" was something we put in just playing about with animations.

I suspect it was through the sql database, which may not be hidden by the hosting provider. Does this make any sense?

 

Pete

Posted

if that's the way your host is, i would move my website.

you could have lost a lot of sales due to that hack. you never know who was looking to spend a healthy chunk of dough, and then they go to your site and see "you got hacked" all over the place.

 

if i came across a site like that, i'd leave and would never go back. it makes your company look very insecure.

 

i would also remove all statements of the intrusion from your store - even the "we're watching you" page. if i was a shopper and came across that, i'd go find another shop.

Posted

Who is your host, if I may ask?

 

I just had a hacking problem, but it was a little different. Someone placed a Trojan file in my Catalog directory. The file was called up.php and I have no idea how they were able to access my directory. I did change my passwords after that.

Are all of your regular files still there? Are there any "extra" files?

I'm sorry to hear about that, but glad to hear that your site is regularly backed up.

If you figure out how they got in, would you mind posting it here for us?

 

Good luck,

Sherry
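
One way to answer the "extra files" question in the post above, added here as an example and not part of the original thread: compare the live web root against a restored backup by content hash. The directory layout and file contents in `demo()` are constructed.

```python
import hashlib
import os
import tempfile

def tree_hashes(root):
    """Map each file's path relative to root to the SHA-256 of its contents."""
    hashes = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            hashes[os.path.relpath(full, root)] = digest
    return hashes

def compare_to_backup(backup_root, live_root):
    """Return (extra, missing, modified) relative paths, each sorted."""
    backup, live = tree_hashes(backup_root), tree_hashes(live_root)
    extra = sorted(set(live) - set(backup))        # on the server, not in the backup
    missing = sorted(set(backup) - set(live))      # in the backup, gone from the server
    modified = sorted(p for p in set(backup) & set(live) if backup[p] != live[p])
    return extra, missing, modified

def demo():
    """Build a constructed backup/live pair and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        for side in ("backup", "live"):
            os.makedirs(os.path.join(tmp, side, "catalog", "includes"))
            for rel, body in (("catalog/index.php", b"<?php // storefront"),
                              ("catalog/includes/configure.php", b"<?php // settings")):
                with open(os.path.join(tmp, side, rel), "wb") as fh:
                    fh.write(body)
        # Constructed differences: one unexpected file and one changed file.
        with open(os.path.join(tmp, "live", "catalog", "up.php"), "wb") as fh:
            fh.write(b"<?php // not in the backup")
        with open(os.path.join(tmp, "live", "catalog", "index.php"), "ab") as fh:
            fh.write(b" altered")
        return compare_to_backup(os.path.join(tmp, "backup"),
                                 os.path.join(tmp, "live"))

if __name__ == "__main__":
    for label, paths in zip(("extra", "missing", "modified"), demo()):
        print(label, paths)
```

Files the shop writes at run time (uploaded images, caches) will show up as extra or modified and need to be reviewed by hand.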

Posted

we have worked out how it was hacked but now need to make it secure before plastering it all over the place...

 

will let you know later today more than likely.

 

just to say it was very simple.

 

Pete

Archived

This topic is now archived and is closed to further replies.
