Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Site hacking


Desertsky

Recommended Posts

I have just been informed for the second time that my shopping cart has been hacked with an email program that is sending out spam. It was inserted into the catalog/images directory and the folder name was PHPSM. It contains four PHP files named index.php, head.php, foot.php and mysql.info.php. All files were dated april 24, 2004.

 

I cannot delete or chmod these files! I have asked my hosting service to delete these for me.

 

Anyone know how these get into the catalog? I have checked another install and they are not there. I have installed a few contributions but I hope that these were not the source!

Link to comment
Share on other sites

I have just been informed for the second time that my shopping cart has been hacked with an email program that is sending out spam. It was inserted into the catalog/images directory and the folder name was PHPSM. It contains four PHP files named index.php, head.php, foot.php and mysql.info.php. All files were dated april 24, 2004.

 

I cannot delete or chmod these files! I have asked my hosting service to delete these for me.

 

Anyone know how these get into the catalog? I have checked another install and they are not there. I have installed a few contributions but I hope that these were not the source!

Hi take a look at this thread.

A spammer can use your contact_us.php to send out spam.

You will also find the fix in this Thread.

 

http://www.oscommerce.com/forums/index.php?showtopic=162664&hl=

( WARNING )

I think I know what Im talking about.

BACK UP BACK UP BACK UP BACK UP

Link to comment
Share on other sites

Hi take a look at this thread.

A spammer can use your contact_us.php to send out spam.

You will also find the fix in this Thread.

 

http://www.oscommerce.com/forums/index.php?showtopic=162664&hl=

 

Thanks fro the link. Although it was mostly unrelated to my issue, it did have some useful information. I found an entire mail bomb program inserted into my oscommerce site. It has been cleand out and I now need to make sure everything is still functioning.

Link to comment
Share on other sites

Thanks fro the link. Although it was mostly unrelated to my issue, it did have some useful information. I found an entire mail bomb program inserted into my oscommerce site. It has been cleand out and I now need to make sure everything is still functioning.

 

Well, my hosting service was able to delete all the offending files (about 40 all together). Thanks Hostrocket!

 

They also suggested that I put an index.htm in each directory that would be vulnerable to hacking as this prevents someone from seeing what is in there. A simple redirect to your main site index works.

Link to comment
Share on other sites

Well, my hosting service was able to delete all the offending files (about 40 all together). Thanks Hostrocket!

 

They also suggested that I put an index.htm in each directory that would be vulnerable to hacking as this prevents someone from seeing what is in there. A simple redirect to your main site index works.

Putting an index.html file will work with everything eccept within the admin as it willl create an error when altering setting in the admin mystore as the html index is called rather than the default.php

( WARNING )

I think I know what Im talking about.

BACK UP BACK UP BACK UP BACK UP

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...