Guest
Posted October 1, 2005

well? what was the cause? did you at least report the bug, if it was due to a vulnerability in oscommerce?

Guest
Posted October 1, 2005

Installation method of osCommerce:

1. Manual - uploading, configuring database name & password and protecting the admin area (password protection)
2. Fantastico - this is usually provided by the webhost.

I used Fantastico for my latest osCommerce installation. But I don't know IF somehow some crackhead could manipulate some vulnerabilities either because of the Fantastico, the MySQL, or the osCommerce itself.

My previous installation which was manually done - I used the DirectAdmin control panel - Password Protected Directories - to protect my admin.

This case calls for better security and better technology incorporated into osCommerce so that newbies (to webmastering and eCommerce owners) will not get screwed by some people who either do this for fun, or as BUSINESS SABOTAGE!

Guest
Posted October 1, 2005

i don't think using fantastico makes a difference, unless it's an outdated version. as far as i know, fantastico is no different than going to the publisher's website and downloading it.

knifeman
Posted October 4, 2005

> we have worked out how it was hacked but now need to make it secure before plastering it all over the place... will let you know later today more than likely. just to say it was very simple.
> Pete

I sure would like to know what needs protecting! When are you going to post the solution?

Tim

isabellejolie
Posted October 4, 2005

> Geez, that sucks. I feel for you. When you get it back up aside from password protection you need to rename your admin folder (to a secret name) and update your configure files accordingly.

hi, after reading about the hacking, i'm really fearful. on your advice, i will change my admin to a secret name but i am unsure what to do in the configure files. can you point me in the right direction? thank you.

isabelle

Isabelle Jolie
"Vision without action is a daydream. Action without vision is a nightmare."

Wendy James
Posted October 4, 2005

All you have to do is change the word "admin" to whatever you change your admin folder to on your configure files.

Wendy James
Creativity is allowing yourself to make mistakes. Art is knowing which ones to keep.

isabellejolie
Posted October 4, 2005

> All you have to do is change the word "admin" to whatever you change your admin folder to on your configure files.

hi wendyjames: is it just the one file...configuration.php which is in the admin folder? i did a search in my configuration.php file for the word admin and nothing was found? thanks for your help.

Isabelle Jolie
"Vision without action is a daydream. Action without vision is a nightmare."

Jumping Rabbit
Posted October 4, 2005

1. after an install always delete the install folder....
2. after the install set access control/password for your admin...
3. well if u don't, even if u change the name and some lucky hacker finds it or if u don't change it about anyone can access your admin, go to your file manager, read or download your config files easily and gain access to your mysql that way..

The point..take care...

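As an added example (not part of any post in this thread, and not osCommerce code), here is a local check a store owner can run against their own webroot for the points raised above: a leftover install folder, a default admin name, missing password protection, and a configure file that still names the old directory after a rename. It assumes Apache-style .htaccess protection and that admin/includes/configure.php defines DIR_WS_ADMIN; audit_store and build_sample are hypothetical names, and the sample tree is constructed.

```python
import os
import re
import tempfile

def _read(path):
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return ""

def audit_store(webroot, admin_dir="admin"):
    """Return hardening findings for an osCommerce-style tree under webroot."""
    findings = []
    # Step 1 of the post: the installer must be deleted after setup.
    if os.path.isdir(os.path.join(webroot, "install")):
        findings.append("install directory still present")
    admin_path = os.path.join(webroot, admin_dir)
    if not os.path.isdir(admin_path):
        return findings + ["admin directory not found: " + admin_dir]
    # Renaming only hides the directory; flag the default name anyway.
    if admin_dir == "admin":
        findings.append("admin directory uses the default name")
    # Step 2: access control is required whatever the directory is called.
    rules = _read(os.path.join(admin_path, ".htaccess"))
    has_auth = re.search(r"^\s*AuthType\s+\S+", rules, re.I | re.M)
    has_require = re.search(r"^\s*Require\s+(valid-user|user|group)\b", rules, re.I | re.M)
    if not (has_auth and has_require):
        findings.append("admin directory has no HTTP authentication")
    # After a rename, the admin configure file has to name the new directory.
    cfg = _read(os.path.join(admin_path, "includes", "configure.php"))
    m = re.search(r"define\(\s*'DIR_WS_ADMIN'\s*,\s*'([^']*)'", cfg)
    if m and m.group(1).strip("/").split("/")[-1] != admin_dir:
        findings.append("DIR_WS_ADMIN does not match the directory name")
    return findings

def build_sample(root, admin_dir, protect, keep_install, ws_admin):
    """Create a constructed sample tree (not a real store) to audit."""
    os.makedirs(os.path.join(root, admin_dir, "includes"))
    if keep_install:
        os.makedirs(os.path.join(root, "install"))
    if protect:
        with open(os.path.join(root, admin_dir, ".htaccess"), "w") as fh:
            fh.write("AuthType Basic\nAuthName \"staff\"\n"
                     "AuthUserFile /home/example/.htpasswd\nRequire valid-user\n")
    with open(os.path.join(root, admin_dir, "includes", "configure.php"), "w") as fh:
        fh.write("<?php\n  define('DIR_WS_ADMIN', '%s');\n?>\n" % ws_admin)
    return root

if __name__ == "__main__":
    weak = build_sample(tempfile.mkdtemp(), "admin", False, True, "/admin/")
    print(audit_store(weak))
```
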
ozEworks
Posted October 6, 2005

well we have not been given any concrete information here about that hacking incident. it sounds all very mysterious and also like a prank.

WiseWombat
Posted October 7, 2005

> well we have not been given any concrete information here about that hacking incident. it sounds all very mysterious and also like a prank.

The answer might be here. Take a look at this post about 2 to 3 months back. http://www.oscommerce.com/forums/index.php?sho...36entry667136.

I looked up your site and found it here. I would say they accessed your site the same way. I would recommend that everyone rename the admin. http://www.google.com/search?q=intitle:osC...en&lr=&filter=0

( WARNING ) I think I know what I'm talking about. BACK UP BACK UP BACK UP BACK UP

Guest
Posted October 28, 2005

yeah, you worked it out. it was found through a google crawl but the problem was that there were 2 installations, 1 testing and 1 functioning, both in different directories but running the same db. Unfortunately i never got the info like some of the others but it was the same guy BRAMVNL

Guest
Posted October 28, 2005

:blink: can't believe google mapped all these pages of a single domain because the admin directory was open. I am thinking.. :lol: maybe I should use it as an seo tool having a faked admin directory "open" :lol:

Thomas_Burke
Posted October 29, 2005

> yeah, you worked it out. it was found through a google crawl but the problem was that there were 2 installations, 1 testing and 1 functioning, both in different directories but running the same db. Unfortunately i never got the info like some of the others but it was the same guy BRAMVNL

Wow, I can see your admin area

Archived
This topic is now archived and is closed to further replies.