Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

My Site Was Hacked


joeyjgarcia

Recommended Posts

Posted

Is there a way to have some software that can determine when my site is accessed via FTP and alert me? Possibly from reading the logs?

 

I found a bunch of foreign links that look like htey were hosted on my site when I went to Google and did site:<mydomain.com>. I found a .htaccess file and a couple of .php files that were the culprits, I removed them and changed my site password but I'm not comfortable just waiting until the next hack.

Posted
Is there a way to have some software that can determine when my site is accessed via FTP and alert me? Possibly from reading the logs?

 

I found a bunch of foreign links that look like htey were hosted on my site when I went to Google and did site:<mydomain.com>. I found a .htaccess file and a couple of .php files that were the culprits, I removed them and changed my site password but I'm not comfortable just waiting until the next hack.

 

There seems to be alot of this type of hack going on, even outside of osCommerce. I make gneral information sites in my spare time for friends and family and 5 out of 5 had the same hack. I also had people hosted with the same as me contact me and saying they had the same problem. I put it down to the host being crap, but i've since seen this mentioned on here more than once.

 

Does anyone know how the hackers are doing it? and what can be done to prevent it, apart from CHMOD cus that doesnt seem to work...

Shelton Brown

Web/Graphic Designer

Posted

Security is only as good as the person securing the access to something. For your own security you want to use strong passwords. For example at least 8 alpha-numeric/symbol characters with a combination of upper/lowercase (Th1s1San3xamp13!). As a hosting provider we require all of our customers to have a minimum combination such as that for everything. Also for maximum security you should try to use different passwords for everything (i.e. one for control panel, one for FTP, one for SSH) if you can. Hackers will typically find the easiest targets first and hit them. The harder you make it the less likely it is to get hacked right away. Change passwords often and always backup your files at least weekly, preferably daily - and don't forget to backup your database.

Posted

There are a number of ways for them to get in and they are constantly looking for more. You should install the latest oscomerce updates, the site monitor mentioned above, change your logins (all of them, not just your admin one) and make sure you don't have a test shop set up on your server that doesn't have its admin password protected. There are probably other things you could do but that is all I can think of at the moment.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...