Security issue with current store

[Tjobbe]

Hey everyone,

 

Some spammer is sending emails from my oscommerce store and AOL have blacklisted my hosts server as a result. I have been asked to fix it as a matter of urgency!

 

I disabled the contact form (physically deleted the <form> itself) but somehow there is still spam being sent from somewhere on my site.

 

Is this a known problem?

 

How do I fix it? I haven't upgraded in months if that helps at all?

 

Thanks in advance for any advice, I'm lost as to what to do.

[Guest]

Go through your site looking for extra files, check your images folder first. Also install the December update for osC.

[Tjobbe]

thanks Peter, I will try the install - ive never done it before so wish me luck!

 

I have spent a very long time looking for extra files, and not found anything, so an update it is.

[Tjobbe]

ok, im a bit confused as to what I have to do to upgrade the store.

 

I downloaded the latest milestone, and found the update-20051113.html file.

 

This details a lot of changes, if I go through these files one-by-one, is that all I have to do to upgrade??

[Guest]

if I go through these files one-by-one, is that all I have to do to upgrade??

 

That will hoefully stop future attacts but you need to find out how they got into your store in the first place and deal with that.

[insomniac2]

There is a contribution called Banned Emails v1.2

 

You can add the perpetrators email to a file which will stop them from being able to message your store or create accounts etc. I have modified it for a lot of pages in my shop.

 

Link: http://www.oscommerce.com/community/contri...ch,banned+email

 

Hope this helps you out.

[Tjobbe]

Well, I dont know the person doing it and there is no way of founding out. I dont even know which file they are using!

 

So, upgrading - file by file isnt it? I have no way of knowing which file they used so if this stops future attacks then thats problem solved.

 

hopefully.