azjetski Posted March 11, 2006 Posted March 11, 2006 We're hoping someone can help. We had a guy built our business website and when it was done he got mad and left. Unfortunately he refused to give us any passwords, log in ID's or instructions on how to change the site. We were able to get into our shopping cart for a while but then someone else decided to change that password and now we're also locked out of that. The only information we have is when we click on Support, it takes us to you fine people. Oh, and if we click on the 'forgot password' it claims to send a new one but does not. On top of all this, someone hacked into our site and put a lot of bad stuff on it that's offending our customers. Can anyone help us? Any helpful suggestions would be much appreciated.
ozcsys Posted March 11, 2006 Posted March 11, 2006 We're hoping someone can help. We had a guy built our business website and when it was done he got mad and left. Unfortunately he refused to give us any passwords, log in ID's or instructions on how to change the site. We were able to get into our shopping cart for a while but then someone else decided to change thatpassword and now we're also locked out of that. The only information we have is when we click on Support, it takes us to you fine people. Oh, and if we click on the 'forgot password' it claims to send a new one but does not. On top of all this, someone hacked into our site and put a lot of bad stuff on it that's offending our customers. Can anyone help us? Any helpful suggestions would be much appreciated. Do you have control over your hosting account ( is it in your name)? If so you should contact your hosting company and get them to change the control panel and ftp passwords for you. The Knowledge Base is a wonderful thing. Do you have a problem? Have you checked out Common Problems? There are many very useful osC Contributions Are you having trouble with a installed contribution? Have you checked out the support thread found Here BACKUP BACKUP BACKUP!!! You did backup, right??
custodian Posted March 11, 2006 Posted March 11, 2006 I hear these situations so many times. This is what you need to do. 1- Change FTP password Also have them verify ALL FTP users associated with the account or that have access to you directory Sometimes webmaster will use your password and other times the provider will set up a secondary account that and has the same group writes as you. 2- Change email passwords /etc/mail/virtusertable : Have the verify all emails in the /etc/mail/virtusertable that are assigned to your domain /etc/aliases This may also contain alaises for mail for your domian/account Example: If in the /etc/mail/virtusertable there is an entry for webmaster that is assigned to [email protected], [email protected] and allofus. This main will be sent to you and bad badguy, but since allofus is not a full email it will then look to the /etc/alaises table to expand all parties. The /etc/aliases may look like allofus: [email protected], [email protected], [email protected], etc... Admin Security Removing the .htaccess file from the /catalog/admin directory will allow you to gain access to the admin panel. Though everyone else will have access to Either reset the password on the .htaccess file or have your provider do it when your on the phone with them. Database: Either you or your provider you change the mysql database password. If you are unsure of the name and password currently used, this information is in your /catalog/admin/includes/configure.php Once you change the password you will need to change it in this file too. You want to do this after you know all other areas have been secured, otherswise he/she wil be able to see the new password. Audit: The 'webmaster' may have installed additional items that will allow him to hve a master password to oscommerce. You should have someone pick through your files checking for these types of doors. I've done these things more times then I can count over the past two years, it seems that some webmasters today somehow feel that this is their work - but since they were paid for it, obvious it is not. I usually recommend contacting you lawyer and having them send a .. due to the costly monetary damages your actions are currently costs us, unless we are provided with all accoun information we will have choice bu to proceed with... Give them a 24 deadline and have it sent certified with signature required. They'll be calling you quick :) We're hoping someone can help. We had a guy built our business website and when it was done he got mad and left. Unfortunately he refused to give us any passwords, log in ID's or instructions on how to change the site. We were able to get into our shopping cart for a while but then someone else decided to change thatpassword and now we're also locked out of that. The only information we have is when we click on Support, it takes us to you fine people. Oh, and if we click on the 'forgot password' it claims to send a new one but does not. On top of all this, someone hacked into our site and put a lot of bad stuff on it that's offending our customers. Can anyone help us? Any helpful suggestions would be much appreciated. My Contributions Henry Smith
Recommended Posts
Archived
This topic is now archived and is closed to further replies.