montytx Posted March 2, 2007

My site apparently has had a hacker intrude. The only thing that I can see that has happened is a broadcast email was sent out. Any ideas on what else I can do to secure the site? The admin area is secured with htaccess. Is there a FAQ for security? Thanks
newbieman Posted March 2, 2007

    My site apparently has had a hacker intrude. The only thing that I can see that has happened is a broadcast email was sent out. Any ideas on what else I can do to secure the site? The admin area is secured with htaccess. Is there a FAQ for security? Thanks

There are many possible reasons how/why someone got into your site. I don't know if you are hosting on your own equipment or a tier x commercial server. That will be necessary to know. Change your passwords, *restrict access to the admin!*, make sure your code can't be viewed or directories browsed, use secure passwords for web access and ftp access. Block ftp access to specific ip addresses (if possible)... etc. There are so many variables that I suggest you hire a pro. Alternatively, I suggest the following excellent book: Hack Proofing Your Ecommerce Site (Paperback) by L. Brent Huston

Here are some web links related to security:
http://www.ecommerce-digest.com/ecommerce-...ity-issues.html
http://www.oscommerce.info/kb/osCommerce/G...mon_Problems/75
montytx Posted March 2, 2007 (Author)

    There are many possible reasons how/why someone got into your site. I don't know if you are hosting on your own equipment or a tier x commercial server. That will be necessary to know. Change your passwords, *restrict access to the admin!*, make sure your code can't be viewed or directories browsed, use secure passwords for web access and ftp access. Block ftp access to specific ip addresses (if possible)... etc. There are so many variables that I suggest you hire a pro. Alternatively, I suggest the following excellent book: Hack Proofing Your Ecommerce Site (Paperback) by L. Brent Huston

    Here are some web links related to security:
    http://www.ecommerce-digest.com/ecommerce-...ity-issues.html
    http://www.oscommerce.info/kb/osCommerce/G...mon_Problems/75

Hmm, interesting, but everything you have linked is about SSL. I have SSL on a dedicated IP with an ISP. I am not hosting. I changed the passwords this AM, but if they got through them the first time, what's to stop it from happening again? I am not sure they actually got in via admin. I have been noticing the past week I am getting emails from my site with my provider's domain. So I don't know if they have access to my mail gateway or what. I just changed the password there in case also. I have browsing directories disabled. FTP is PW protected also. I am not an expert but I am somewhat knowledgeable and have covered all the obvious bases.
Jack_mcs Posted March 2, 2007

Have you installed the latest oscommerce update? Several of the fixes in it are for securing the site.

Jack

Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
newbieman Posted March 2, 2007

    Hmm, interesting, but everything you have linked is about SSL. I have SSL on a dedicated IP with an ISP. I am not hosting. I changed the passwords this AM, but if they got through them the first time, what's to stop it from happening again? I am not sure they actually got in via admin. I have been noticing the past week I am getting emails from my site with my provider's domain. So I don't know if they have access to my mail gateway or what. I just changed the password there in case also. I have browsing directories disabled. FTP is PW protected also. I am not an expert but I am somewhat knowledgeable and have covered all the obvious bases.

There was more than SSL in those references. When you stated that a "broadcast email" was sent out, do you mean that one of your form emails was sent via "Send email to customer"? Otherwise, how do you know your site was hacked?

If your provider is also your email service, could be that they are not open relay protected. Check with your hosting site. Or more likely perhaps you simply received email with a spoofed email address. Where did they get your email address? That was likely extracted from your website via a bot. NEVER list an actual email address on your website in a format that a bot can retrieve. When I wish to list an email address, I use the following code:

    <script type="text/javascript">
    <!--
    // Assemble the address at run time so it never appears whole in the page source
    var address = 'emailsuffix.com';
    address = 'emailprefix' + '@' + address;
    document.write('<a href="mailto:' + address + '"><span class="style5">' + address + '</span></a>');
    //-->
    </script>

Anyhow, I do highly recommend that book. Amazon sells it for next to nothing.
newbieman Posted March 2, 2007

    Have you installed the latest oscommerce update? Several of the fixes in it are for securing the site.

    Jack

Jack, how do you determine what your core version of oscommerce is?

"The error returned was: Flood control is enabled on this board, please wait 30 seconds before replying or posting a new topic" BOY, THAT IS ANNOYING!
♥Vger Posted March 2, 2007

    Jack, how do you determine what your core version of oscommerce is?

    "The error returned was: Flood control is enabled on this board, please wait 30 seconds before replying or posting a new topic" BOY, THAT IS ANNOYING!

Well, you'll know if the version of osCommerce you have running is one you installed after September 2006 (the last update), or one you installed after November 2005 (the last but one update). If it's from before November 2005 then your site is not patched against the 'Contact Us' page exploit, and can be hijacked by any spammer.

Vger
newbieman Posted March 2, 2007

    Well, you'll know if the version of osCommerce you have running is one you installed after September 2006 (the last update), or one you installed after November 2005 (the last but one update). If it's from before November 2005 then your site is not patched against the 'Contact Us' page exploit, and can be hijacked by any spammer.

    Vger

Thanks, but since I had someone do the initial install and modifications.... I have no idea what release they used. It could be based on a 4-month- or 2-year-old release.... I suppose I could compare dates.... but no... that won't work either because the FTP software has changed most/all original file dates. $%&^ FTP program!

Okay, perhaps I can do a code compare on the changes to the "Contact Us" code. But where is this fix located? I did a search here and on Google and all I can find are dead links to bug reports. This makes sense because it is no longer an open bug. Where is there a page listing security issues and patches? Many people such as myself can't simply overwrite files blindly since I (we) have a significant amount of modified code.

I downloaded oscommerce 2.2 ms2; the changelog just states that a contact us page was added. Huh? I will have to do a code compare, but should I be looking at the root\contact_us.php or the one in languages? And as asked, is there a document that details the modification that was made?

Thank you
montytx Posted March 3, 2007 (Author)

    Thanks, but since I had someone do the initial install and modifications.... I have no idea what release they used. It could be based on a 4-month- or 2-year-old release.... I suppose I could compare dates.... but no... that won't work either because the FTP software has changed most/all original file dates. $%&^ FTP program!

    Okay, perhaps I can do a code compare on the changes to the "Contact Us" code. But where is this fix located? I did a search here and on Google and all I can find are dead links to bug reports. This makes sense because it is no longer an open bug. Where is there a page listing security issues and patches? Many people such as myself can't simply overwrite files blindly since I (we) have a significant amount of modified code.

    I downloaded oscommerce 2.2 ms2; the changelog just states that a contact us page was added. Huh? I will have to do a code compare, but should I be looking at the root\contact_us.php or the one in languages? And as asked, is there a document that details the modification that was made?

    Thank you

I have 2.2 ms2. I have 2 things going on. I have a customer account with my email address so I can log in and check out the site. That email address got an email from my site with profanity and info about where I am from. I can only assume that they got into the site and did a broadcast email. I can't think of any other way I would have gotten an email.

Then I get emails from my contact us page, but they are not from users. Instead they are from my ISP's mail server and have email addresses that are some random string at my domain. How can that occur? Here is a sample of emails I am receiving:

    nastly. istalking frontinued the humstare anx pace suppossed up of and today his finated screame . here voice one of there of me, getty w nwhird fixatifulldozer ter 22 e suicks fell do a242291fc22aca8ba242606db8a6fe7a ."
    MIME-Version: 1.0
    X-Mailer: osCommerce Mailer
    Content-Type: text/plain; charset=so-8859-1"
    Content-Transfer-Encoding: 7bit
    [email protected]

It is not sensical babble, but it appears to be from my site.
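The symptoms montytx describes (messages stamped "X-Mailer: osCommerce Mailer" whose From address is a random string at the shop's own domain) can be triaged mechanically. The script below is an added example, not code from the thread or from osCommerce; SHOP_DOMAIN, KNOWN_SENDERS, the looks_random heuristic and the two sample messages are all assumptions constructed for illustration, and has_header_injection is the guard a contact-form handler should apply to any field it copies into a mail header.

```python
# Added example (not from the thread or from osCommerce): triage copies of
# messages the shop mailer produced, to spot a hijacked contact form, plus the
# CR/LF guard a form handler should apply before building mail headers.
import re
from email import message_from_string

SHOP_DOMAIN = "example-shop.com"              # assumption: the shop's own domain
KNOWN_SENDERS = {"sales@example-shop.com"}    # assumption: addresses the shop really sends from


def has_header_injection(field: str) -> bool:
    """A form value copied into From:/Reply-To: must never carry CR or LF."""
    return "\r" in field or "\n" in field


def looks_random(local: str) -> bool:
    """Heuristic (assumption): a long local part mixing letters and digits."""
    return len(local) >= 8 and bool(re.search(r"\d", local)) and bool(re.search(r"[a-z]", local))


def suspicious_reasons(raw_message: str) -> list:
    """Reasons a mailer-generated message looks like relayed spam (empty list = clean)."""
    msg = message_from_string(raw_message)
    reasons = []
    if msg.get("X-Mailer", "").strip() != "osCommerce Mailer":
        return reasons                        # only look at what our own mailer sent
    match = re.search(r"[\w.+-]+@[\w.-]+", msg.get("From", "").lower())
    addr = match.group(0) if match else ""
    local, _, domain = addr.partition("@")
    if domain == SHOP_DOMAIN and addr not in KNOWN_SENDERS:
        reasons.append("From at shop domain but not an address the shop uses: " + addr)
    if looks_random(local):
        reasons.append("random-looking sender local part: " + local)
    return reasons


# Constructed samples: one genuine order mail, one shaped like the spam in the thread.
LEGIT = ("From: sales@example-shop.com\nTo: customer@example.net\nSubject: Order update\n"
         "X-Mailer: osCommerce Mailer\nMIME-Version: 1.0\n\nYour order has shipped.\n")
SPAM = ("From: k9x2q7zp4@example-shop.com\nTo: someone@example.org\nSubject: hi\n"
        "X-Mailer: osCommerce Mailer\nMIME-Version: 1.0\n\nnastly istalking humstare ...\n")

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spam", SPAM)):
        print(name, suspicious_reasons(raw) or "clean")
```

Run it over copies of the mailer's outgoing messages; anything that returns reasons is worth checking against the contact-form logs for the same time.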
Jack_mcs Posted March 3, 2007

    Thanks, but since I had someone do the initial install and modifications.... I have no idea what release they used. It could be based on a 4-month- or 2-year-old release....

Go to the Solutions->Downloads menu item above and download the latest set of files. In that package is an instruction file for updating your shop. It is an easy matter of checking a few of the items to determine if it is already installed in your shop.

Jack

Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons