Guest Posted January 9, 2007 Share Posted January 9, 2007 Hello, Someone uploaded a php script to one of my folders, then I found more scripts throughout my site, I did not put these there. My config and some other files were also changed. Any advice on stopping this, I have everything set up right as far as I know. Is there a security flaw on OS sites? Link to comment Share on other sites More sharing options...
jpweber Posted January 9, 2007 Share Posted January 9, 2007 Get SSL, change the name of your admin folder .... name it "johndoe", or whatever, and then change all occurrences of "admin" to "johndoe" in your (catalog)/admin/includes/configure.php file. When you're done editing you config files, change the permissions from 777 to 644. Jason Simple 1-2-3 Intructions on how to get, install and configure SSL The Google Sandbox explained Simple to follow instructions on how to change the look of your OSC How To Make A Horrible OSC Website my toolbox: All things WordPress-related - All things Adobe-related - PHP Designer 2007 - Codecanyon Junkie - Crimson Editor - Winmerge - phpMyAdmin - WS_FTP my installed contributions: Category Banners, File Upload feature-.77, Header Tags, Sort_Product_Attributes_1, XSellv2.3, Price Break 1.11.2, wishlist 3.5, rollover_category_images_v1.2, Short_Description_v2.1, UPSXML_v1_2_3, quickbooks qbi_v2_10, allprods v4.4, Mouseover-effect for image-buttons 1.0, Ultimate_SEO, AAP 1.41, Auto Select State Value, Fast Easy Checkout, Dynamic SiteMap v2.0, Image Magic, Links Manager 1.14, Featured Products, Customer Testimonials, Article Manager, FAQ System, and I'm sure more ... Link to comment Share on other sites More sharing options...
Guest Posted January 9, 2007 Share Posted January 9, 2007 Thanks I will do that, I have saved the scripts, I will look them over later when I have more time. I also have there host they were trying to send info to, Is there a way I can find out who the hosting company is or somone i can turn them into. The domain registry looks fake. Link to comment Share on other sites More sharing options...
rszrama Posted January 9, 2007 Share Posted January 9, 2007 Probably best just to fix your security holes and forget about it. You can always ban their IP, but a hacker most likely won't be stopped by that. :P Link to comment Share on other sites More sharing options...
b101aa2 Posted January 9, 2007 Share Posted January 9, 2007 Thanks I will do that, I have saved the scripts, I will look them over later when I have more time. I also have there host they were trying to send info to, Is there a way I can find out who the hosting company is or somone i can turn them into. The domain registry looks fake. IF you're running windows, type commnad in the run box from start. It will take you to a DOS prompt. Type: tracert "and" the IP address. you can also use ping if you just wanted to see the path. If you have an actual domain, you can also go to www.whois.org to start mining the domain and registered ownership. Hackers will most likely be using ghost servers though, jumping off of multiple points. Can't trace it. Link to comment Share on other sites More sharing options...
natewlew Posted January 9, 2007 Share Posted January 9, 2007 Change all of your passwords! Other great Open Source (Free) programs: (Free as in free speech not free beer) The Gimp - An image program. | Firefox - All you have to do is add the Web Developer add-on to make this web browser complete. | FileZilla - An ftp program. | Inkscape - A good program to create images with. | Thunderbird - An email program. | Openoffice.org - An office suite that is compatible with MS Office. | Abiword - Another office suite. | Audacity - A sound recording tool. | ddp's Picks | Wordpress - An easy to use blogging software. | Joomla - An easy to use CMS that has ecommerce plug-ins. | Drupal - Another CMS How do I find these programs? Google Search! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.