Guest
Posted March 8, 2006

i can't believe this. one of my client's shops was hacked by ANOTHER MEMBER OF THE COMMUNITY. they hadn't run the 051113 upgrade, someone used them as a spam gateway, they got blacklisted by AOL and their ISP shut down sendmail which meant they weren't getting customer emails and they lost a lot of business. we finally get a copy of the spam that was sent. i went and found the company online. they are another OSCommerce site. we've been hacked by a member of our own community. i can't believe they would be so wrong. i'd post their name right here right now but i'm advising my client to take legal action and i don't want to mess it up. i'll give you a hint. they sell medical products for the home.

mark27uk3
Posted March 8, 2006

This is an unfortunate story. The problem for your client is proving that they were the spammers, they were probably just a victim of the same. Legal action will probably be a waste of time and money.

Mark

Life's a bitch, then you marry one, then you die!

oscommerce2006
Posted March 8, 2006

Hi

Could you tell me what the 051113 upgrade is? Also does anyone know the best methods of protecting our websites from hackers?

insomniac2
Posted March 8, 2006

I don't think the problem lies specifically just with osc. When you are running a server you have to take necessary steps in preventing issues like spam or kiddy scripters who think they are real hackers .. but just play with programs they find on the net. A real hacker would not spend time trying to gain access to a server to send spam mail.

Running a proper mail filter ... which will identify potential mail transfer abuse and stop or report it ... as well as shutting down unnecessary ports etc. are a good start.

I think the osc members and the community have done a great job at finding and fixing most problems quickly ... but as with anything .. you can always find something wrong if you look hard enough.

That's just my 2 cents.

chuckh2d
Posted March 11, 2006

> Running a proper mail filter ... which will identify potential mail transfer abuse and stop or report it ... as well as shutting down unnecessary ports etc. are a good start.

Forgive me for being dense, but have you any "proper mail filters" to recommend? Are there patches/threads here that could help me find and/or install them?

Failing that, if I were to rename contact_us.php, what other files do I need to alter so that the contact script still works?

I've performed all the current Milestone 3 updates and I've enjoyed six weeks without spam generated at my site...but today it's back again: here's the spam header:

    X-POP3-Rcpt: [email protected]
    Received: (from www@localhost) by myserver.com (.../...) i Sat, 11 Mar 2006 09:47:08 -0500
    Date: Sat, 11 Mar 2006 09:47:08 -0500
    Message-Id: <[email protected]>
    To: "Chuck Warner" <[email protected]>
    Subject: your message to myurl.com
    X-Originating-Site: myurl.com
    From: "[email protected]" <[email protected]>
    MIME-Version: 1.0
    X-Mailer: osCommerce Mailer
    Content-Type: text/plain
    Content-Transfer-Encoding: 7bit

    a
    Content-Type: multipart/alternative; boundary=487acb0613774c824144e1f9892072da
    MIME-Version: 1.0
    Subject: as
    bcc: [email protected]

    This is a multi-part message in MIME format.

    --487acb0613774c824144e1f9892072da
    Content-Type: text/plain; charset="us-ascii"
    MIME-Version: 1.0
    Content-Transfer-Encoding: 7bit

    the old ruins. ell, he returned, laughing, tis
    --487acb0613774c824144e1f9892072da--

    .

Thanks for your time!

Guest
Posted March 11, 2006

that rings a bell. random text generated by some bot and run through the email gateway. this is not good.

chuckh2d
Posted March 12, 2006

> that rings a bell. random text generated by some bot and run through the email gateway. this is not good.

I've just had a second spam message with the identical format. I have changed some of the 'define' language in hopes that I can trace exactly where (and when) the spammer is getting its information.

However, it still seems to me that the best solution for this (or at least the next place to try troubleshooting) is going to be for me to rename my contact_us.php throughout the osC code. I'm on a Mac with OSX Tiger that has perversely lost its ability to search for text, so if anyone has a list of where these various mentions of contact_us.php occur, I'd be most grateful.

AlanR
Posted March 12, 2006

It's in /includes/file_names.php. FILENAME_CONTACT_US is a constant defined as contact_us.php

    define('FILENAME_CONTACT_US', 'contact_us.php');

Change that definition and the name of contact_us.php and any script specifically targeting contact_us.php will miss.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux
Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

chuckh2d
Posted March 12, 2006

Thank you Alan--

I've made the changes and they seem to be working. We'll see if this spam routine is looking specifically for contact_us files or if there is some broader osCommerce vulnerability.

The other patch that might make this entire problem go away would be if there was a way to disable cc: and bcc: e-mail addresses in any osCommerce auto-response (like contact_us), as obviously there is no reason why there should EVER be more than one recipient. Might that be possible?

thanks to all.

Guest
Posted March 12, 2006

> The other patch that might make this entire problem go away would be if there was a way to disable cc: and bcc: e-mail addresses in any osCommerce auto-response (like contact_us)

doubtful. you can always send a message to multiple recipients in the main "to" by simply using a space or ,

there are no default auto-responses in oscommerce for contact_us?

chuckh2d
Posted March 12, 2006

> doubtful. you can always send a message to multiple recipients in the main "to" by simply using a space or ,

I understand, but then why not prohibit spaces or commas in ANY of the address fields of osCommerce's automated responses? This would cripple automated spam that indiscriminately preys on osCommerce installations --and save a great many of us from having our urls and servers blacklisted (again and again).

With multiple addresses disabled no more than three spam messages could go out per attempt. This wouldn't stop automated spam routines (or stop the recipients from reporting them as spam), but it would certainly make them highly inefficient --and it might eventually stop people from trying to develop them for osCommerce.

chuckh2d
Posted March 12, 2006

> why not prohibit spaces or commas in ANY of the address fields

A simpler fix might be to impose a character limit on e-mail addresses (or are these spam assaults able to make end-runs on the osCommerce .php code and substitute their own e-mail routines altogether? Again, I'm probably showing more than my share of ignorance.)

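Added example (not part of the original thread, and not osCommerce's own code): the bcc: and Content-Type: lines in the spam sample earlier in the thread arrived as form input, so the check discussed above belongs on any field that is copied into a mail header. The sketch below rejects line breaks, more than one address, and over-long input; the function names and the sample inputs are constructed for illustration.

```php
<?php
// Added example. Function names are hypothetical, not osCommerce functions.

// A value copied into a mail header must not contain a line break:
// CR or LF ends the current header and lets the sender start a new one
// (bcc:, Content-Type:, ...). NUL is rejected as well.
function header_value_is_safe(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 0;
}

// Accept exactly one syntactically valid address, or return null.
function single_address_or_null(string $input): ?string
{
    if (!header_value_is_safe($input)) {
        return null;                       // embedded header break
    }
    $addr = trim($input);
    if ($addr === '' || strlen($addr) > 254) {
        return null;                       // empty or over the length limit
    }
    if (preg_match('/[\s,;]/', $addr) === 1) {
        return null;                       // separator: more than one recipient
    }
    $valid = filter_var($addr, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Constructed sample inputs (example.com/.net addresses are placeholders).
$samples = [
    'visitor@example.com',
    "a\r\nbcc: someone@example.net",
    'one@example.com, two@example.com',
    'one@example.com two@example.com',
];

foreach ($samples as $s) {
    $result = single_address_or_null($s);
    printf("%-40s %s\n", json_encode($s), $result === null ? 'rejected' : 'accepted');
}
```

The sender's name and the subject also end up in headers, so they need header_value_is_safe() too; the message body does not, because it is never placed in a header.
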
gigant
Posted March 13, 2006

please spare a little time to help me, a newbie in osc. i would greatly appreciate any help or idea. thanks.

...as per recommendation above, i changed the filename in /includes/file_names.php. FILENAME_CONTACT_US
...constant defined as contact_us.php

    define('FILENAME_CONTACT_US', 'contact_us.php');

...i also changed the name of contact_us.php
...the problem now is when i click on the link for contact_us in the menu, the page is blank.

any idea? thanks

boxtel
Posted March 13, 2006

> please spare a little time to help me, a newbie in osc. i would greatly appreciate any help or idea. thanks.
>
> ...as per recommendation above, i changed the filename in /includes/file_names.php. FILENAME_CONTACT_US
> ...constant defined as contact_us.php
>
>     define('FILENAME_CONTACT_US', 'contact_us.php');
>
> ...i also changed the name of contact_us.php
> ...the problem now is when i click on the link for contact_us in the menu, the page is blank.
>
> any idea? thanks

rename your language files

Treasurer MFC

gigant
Posted March 13, 2006

> rename your language files

hi boxtel. thanks! it now shows the page :D

but the main problem is still there... i'm still not able to receive emails from the "Contact Us" form. any idea?

thank you so much.

This topic is now archived and is closed to further replies.