Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

My OS Store Hacked


Guest

Recommended Posts

Hello, Someone uploaded a php script to one of my folders, then I found more scripts throughout my site, I did not put these there. My config and some other files were also changed.

Any advice on stopping this, I have everything set up right as far as I know.

Is there a security flaw on OS sites?

Link to comment
Share on other sites

Get SSL, change the name of your admin folder .... name it "johndoe", or whatever, and then change all occurrences of "admin" to "johndoe" in your (catalog)/admin/includes/configure.php file. When you're done editing you config files, change the permissions from 777 to 644.

Jason

 

Simple 1-2-3 Intructions on how to get, install and configure SSL

 

The Google Sandbox explained

 

Simple to follow instructions on how to change the look of your OSC

 

How To Make A Horrible OSC Website

 

my toolbox: All things WordPress-related - All things Adobe-related - PHP Designer 2007 - Codecanyon Junkie - Crimson Editor - Winmerge - phpMyAdmin - WS_FTP

 

my installed contributions: Category Banners, File Upload feature-.77, Header Tags, Sort_Product_Attributes_1, XSellv2.3, Price Break 1.11.2, wishlist 3.5, rollover_category_images_v1.2, Short_Description_v2.1, UPSXML_v1_2_3, quickbooks qbi_v2_10, allprods v4.4, Mouseover-effect for image-buttons 1.0, Ultimate_SEO, AAP 1.41, Auto Select State Value, Fast Easy Checkout, Dynamic SiteMap v2.0, Image Magic, Links Manager 1.14, Featured Products, Customer Testimonials, Article Manager, FAQ System, and I'm sure more ...

Link to comment
Share on other sites

Thanks I will do that,

I have saved the scripts, I will look them over later when I have more time.

I also have there host they were trying to send info to, Is there a way I can find out who the hosting company is or somone i can turn them into. The domain registry looks fake.

Link to comment
Share on other sites

Thanks I will do that,

I have saved the scripts, I will look them over later when I have more time.

I also have there host they were trying to send info to, Is there a way I can find out who the hosting company is or somone i can turn them into. The domain registry looks fake.

 

 

IF you're running windows, type commnad in the run box from start. It will take you to a DOS prompt. Type: tracert "and" the IP address. you can also use ping if you just wanted to see the path.

 

If you have an actual domain, you can also go to www.whois.org to start mining the domain and registered ownership.

 

Hackers will most likely be using ghost servers though, jumping off of multiple points. Can't trace it.

Link to comment
Share on other sites

Change all of your passwords!

Other great Open Source (Free) programs: (Free as in free speech not free beer)

The Gimp - An image program. | Firefox - All you have to do is add the Web Developer add-on to make this web browser complete. | FileZilla - An ftp program. | Inkscape - A good program to create images with. | Thunderbird - An email program. | Openoffice.org - An office suite that is compatible with MS Office. | Abiword - Another office suite. | Audacity - A sound recording tool. | ddp's Picks | Wordpress - An easy to use blogging software. | Joomla - An easy to use CMS that has ecommerce plug-ins. | Drupal - Another CMS

How do I find these programs? Google Search!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...