
osCommerce

The e-commerce.

Complete website lockout


azjetski


Posted

We're hoping someone can help. We had a guy build our business website and when it was done he got mad and left. Unfortunately he refused to give us any passwords, login IDs or instructions on how to change the site. We were able to get into our shopping cart for a while but then someone else decided to change that password and now we're also locked out of that. The only information we have is when we click on Support, it takes us to you fine people. Oh, and if we click on the 'forgot password' it claims to send a new one but does not. On top of all this, someone hacked into our site and put a lot of bad stuff on it that's offending our customers. Can anyone help us? Any helpful suggestions would be much appreciated.

Posted

Do you have control over your hosting account (is it in your name)? If so, you should contact your hosting company and get them to change the control panel and FTP passwords for you.


Posted

I hear these situations so many times.

This is what you need to do.

1- Change FTP password

Also have them verify ALL FTP users associated with the account or that have access to your directory.

Sometimes the webmaster will use your password, and other times the provider will set up a secondary account that has the same group rights as you.

2- Change email passwords

/etc/mail/virtusertable:

Have them verify all emails in the /etc/mail/virtusertable that are assigned to your domain.

/etc/aliases

This may also contain aliases for mail for your domain/account.

Example: If in the /etc/mail/virtusertable there is an entry for webmaster that is assigned to [email protected], [email protected] and allofus, this mail will be sent to you and badguy, but since allofus is not a full email it will then look to the /etc/aliases table to expand all parties. The /etc/aliases may look like

allofus: [email protected], [email protected], [email protected], etc...

Admin Security

Removing the .htaccess file from the /catalog/admin directory will allow you to gain access to the admin panel, though everyone else will have access too.

Either reset the password on the .htaccess file or have your provider do it when you're on the phone with them.

Database:

Either you or your provider change the MySQL database password.

If you are unsure of the name and password currently used, this information is in your /catalog/admin/includes/configure.php

Once you change the password you will need to change it in this file too.

You want to do this after you know all other areas have been secured, otherwise he/she will be able to see the new password.

Audit:

The 'webmaster' may have installed additional items that will allow him to have a master password to osCommerce. You should have someone pick through your files checking for these types of doors.

I've done these things more times than I can count over the past two years. It seems that some webmasters today somehow feel that this is their work, but since they were paid for it, obviously it is not. I usually recommend contacting your lawyer and having them send a .. due to the costly monetary damages your actions are currently costing us, unless we are provided with all account information we will have no choice but to proceed with... Give them a 24 deadline and have it sent certified with signature required. They'll be calling you quick :)


Henry Smith
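
The mail check in step 2 of the reply above, as an added example that is not part of the original post: it expands virtusertable entries through /etc/aliases and reports every recipient of a domain's mail that the owner does not expect. The domain, addresses and the `expected` set are constructed sample values, and the comma-separated virtusertable targets follow the post's own example.

```python
# Added example: constructed sample data, not files from the site in this thread.
def _targets(text):
    return [t.strip().lower() for t in text.split(",") if t.strip()]

def parse_virtusertable(text):
    """virtusertable lines: '<address> <targets>'; '#' starts a comment."""
    table = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            table[parts[0].lower()] = _targets(parts[1])
    return table

def parse_aliases(text):
    """aliases lines: '<name>: <targets>' (continuation lines are not handled)."""
    aliases = {}
    for line in text.splitlines():
        name, sep, rest = line.split("#", 1)[0].partition(":")
        if sep and name.strip():
            aliases[name.strip().lower()] = _targets(rest)
    return aliases

def expand(target, aliases, seen=None):
    """Follow local alias names until only final recipients remain."""
    seen = set() if seen is None else seen
    if "@" in target or target not in aliases:
        return {target}
    if target in seen:  # alias loop: stop instead of recursing forever
        return set()
    seen.add(target)
    return set().union(*(expand(t, aliases, seen) for t in aliases[target]))

def audit_domain(domain, vut_text, aliases_text, expected):
    """Return {virtual address: [recipients not in expected]} for one domain."""
    aliases = parse_aliases(aliases_text)
    allowed = {e.lower() for e in expected}
    findings = {}
    for address, targets in parse_virtusertable(vut_text).items():
        if not address.endswith("@" + domain.lower()):
            continue
        recipients = set().union(*(expand(t, aliases) for t in targets))
        if recipients - allowed:
            findings[address] = sorted(recipients - allowed)
    return findings

SAMPLE_VIRTUSERTABLE = "webmaster@shop.example\towner, badguy@mail.example, allofus\nsales@shop.example\towner\ninfo@other.example\tsomeone\n"
SAMPLE_ALIASES = "# constructed\nallofus: owner, badguy@mail.example, helper@mail.example\n"

if __name__ == "__main__":
    print(audit_domain("shop.example", SAMPLE_VIRTUSERTABLE, SAMPLE_ALIASES, {"owner"}))
```

On a real host, pass the contents of the two files and the list of mailboxes you actually recognise; anything reported is a forwarding target to remove or question with the provider.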

Archived

This topic is now archived and is closed to further replies.
