Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SITE HACKED


Monk

Recommended Posts

Ok....so i've noticed some weird "new" files that have been added to my site.

Sis a little research and came across another forum that talks about the same issues although its not an oscommerce site being hacked.

 

Take a look at the following:

 

http://www.pivotlog.net/forum/viewtopic.ph...46fa2349c19024f

 

I found the files mentioned in fourm abouve in 2 places so far:

 

includes/languages/english

 

admin/includes/backup

 

 

Anyone ever run into this before???

 

Any idea what they are after???

Link to comment
Share on other sites

Tha forum posting points out that this only happens when folders have full permissions of 777 - which has always been a security risk. Your site should not run with folder permissions higher than 755.

 

Vger

Link to comment
Share on other sites

Tha forum posting points out that this only happens when folders have full permissions of 777 - which has always been a security risk. Your site should not run with folder permissions higher than 755.

 

Vger

 

Yeah....i checked the file permissions and only one folder had 777 but was not "infected"

 

A 404 check program also returned about 100 noexistent pages buried in the images folder. Pages like:

 

http://www.mysite.com/images/Christmas/Orn...tore-video.html

Link to comment
Share on other sites

Are you using the most up to date version of osCommerce 2.2 MS2 from the downloads section at www.oscommerce.com?

 

Does your hosting company use cPanel? If so they may be using an out of date or unpatched version which is subject to the cPanel injection exploit. If this is the case then removing the injected files from your website won't do anything because they can be injected again.

 

In the meantime if the 'images' folder does have permissions of 755 then make sure that the images inside it don't have permissions higher than 644.

 

Vger

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...