Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

osCommerce Hacked


MtnHermit

Recommended Posts

One of my clients had their install hacked and the hacker installed several files in the /catalog/images directory. The files sent caused spam to be sent out from the clients account resulting in it being suspended Somehow the permissions have been set on the installed files so they can not be changed and the files can not be deleted through the client account or my host account. The files installed are

alah.php

zx1.php

send.php

image.php

head.php

foot.php

and the mod dates on the files reflect the mod dates on files previously installed by the site owner.

 

Does anyone have any experience with this and can you tell me what the hole the hacker used is and how to stop it from happening again.

Link to comment
Share on other sites

was the site patched with the most recent upgrades?

seen here: http://www.oscommerce.com/forums/index.php?showtopic=180289

The site was patched with the most recent upgrades. Apparantly the files installed (a mail bomb) had the owner changed on them which is why I could not change the permissions and delete them. The owner was also changed on the images directory.

Link to comment
Share on other sites

i don't follow... if you or your client have access via cpanel or ftp to the root directory, how does the owner get changed?

 

are you sure your host wasn't hacked?

 

i've heard of people on shared servers being hacked eventhough their site is up to date. the hackers can gain control through somebody else's account and just walk into your folder and do as they please.

 

if this type of thing happened, it's your host's fault for not being secure and there's nothing you can do about it aside from moving hosts. but first the host needs to be made aware you suspect the hacker may have gained access through someone else's account so they can do what they need to do to secure themselves and fix the problem.

 

do not accuse them of it though :) ask some questions and see if maybe THEY have access to logs that you can't see.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...