
My site is hacked, how did they do it?


kbking


It is the English part of the site and the categories that have been altered. All my categories have been wiped out and substituted with another osCommerce site's categories. I have both Catalog and Admin password protected with .htaccess, this because I'm still in the development phase. My other two languages are not affected as far as I can see at the moment.

How on earth has this been done? Is it through the Admin interface or have they done it through phpMyAdmin on my webhost's server?

I would really appreciate some input on this from experienced osc coders! I need to find out if I am the one to blame for it, or my webhost has faulty security. It is one of the biggest webhosts in my country and a rather costly account I have purchased.

 

TIA

kbking


Maybe I'm on to something now.

 

Since it is all about the column_left.php and the fact that the Manufacturers appear in a drop down box there whose links are from another osc site, I looked inside this file and found this code:

if ((USE_CACHE == 'true') && empty($SID)) {
  echo tep_cache_manufacturers_box();
} else {
  // include(DIR_WS_BOXES . 'manufacturers.php');
}

 

Now I remembered that I did a new setting from Admin in the hope to get faster page loads. It was in Configuration -> Cache, where I changed Use Cache "false" to "true" instead. Now I changed this back again to "false" and the drop down disappeared.

 

I can see that the Cache Directory in Admin has this value: /tmp/, but I'm not able to figure out how it can pick up some other OSC site's links.

 

I could use some explanation. I feel it could come in handy when I'm going to talk to my webhost!


Your web host more than likely hosts other osCommerce sites; that's where the other categories are coming from. If you want to turn cache on, rename the cache directory to something that isn't common, something that the other osCommerce sites on that host don't name theirs.

What? Yeah, I can do that.
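
The collision described in the reply above, as an added example that is not part of the thread or of osCommerce: a simplified file cache whose file name depends only on the box and the language (an assumption about the naming; the function names, shop names and language list are constructed). It shows why only the language the other shop also caches is affected, and why a directory name no other site uses stops it.

```php
<?php
// Added example, not osCommerce code. Assumption: a box cache file is named
// from the box and the language only, e.g. manufacturers_box-english.cache.

function cache_file(string $dir, string $box, string $lang): string
{
    return rtrim($dir, '/') . '/' . $box . '-' . $lang . '.cache';
}

function write_box(string $dir, string $box, string $lang, string $html): void
{
    if (!is_dir($dir)) {
        mkdir($dir, 0700, true); // owner-only; see the note below the block
    }
    file_put_contents(cache_file($dir, $box, $lang), $html, LOCK_EX);
}

// Returns the cached HTML, or null on a miss (the shop then rebuilds the box
// from its own database).
function read_box(string $dir, string $box, string $lang): ?string
{
    $file = cache_file($dir, $box, $lang);
    return is_file($file) ? file_get_contents($file) : null;
}

function report(string $title, string $dir, array $langs): void
{
    echo $title, "\n";
    foreach ($langs as $lang) {
        $hit = read_box($dir, 'manufacturers_box', $lang);
        echo '  ', $lang, ': ', $hit ?? 'miss, rebuilt from own database', "\n";
    }
}

// Constructed scenario: two shops on one host, same Cache Directory setting.
$shared = sys_get_temp_dir() . '/osc-demo-' . getmypid(); // stands in for /tmp/
$langs  = ['english', 'german', 'french'];                // constructed language list

// Shop B (English only) caches its manufacturers box first.
write_box($shared, 'manufacturers_box', 'english', '[shop B manufacturers]');

// Shop A reads the same path and gets shop B's box, but only for English.
report('Shop A, shared cache directory:', $shared, $langs);

// With a directory name no other shop uses, every lookup misses and rebuilds.
$private = $shared . '/shop-a-' . bin2hex(random_bytes(8));
mkdir($private, 0700, true);
report('Shop A, per-site cache directory:', $private, $langs);
```

If the host runs every site's PHP under one system account, the 0700 mode does not separate the sites from each other; only the distinct path avoids the collision.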


Done! Seems to have solved the problem. :)

 

Are there any other Admin settings that could have similar unpleasant effects?

Also, does anyone know of any good threads/tutorials on how to speed up this application, such as settings, improvements on the code, etc.?


A thumbnail contribution is very useful for this.

Here is one:

http://www.oscommerce.com/community/contributions,2872

My Contributions

 

Stylesheet With Descriptions Glassy Grey Boxtops Our Products Meta Tags On The Fly

Password Protect Admin

"No matter where you go....There you are" - Buccaroo Bonsai


A few ideas to speed up your site a little:

 

Turning the category counts off.

Replace the pixel spacers with css.

Removing redundant code from the stylesheet.

tep_show_category optimization

A Store Speed Optimization in Progress

There are some opportunities to move some of the presentation markup into the stylesheet.


Archived

This topic is now archived and is closed to further replies.
