Monk Posted April 7, 2007 Posted April 7, 2007 Ok....so i've noticed some weird "new" files that have been added to my site. Sis a little research and came across another forum that talks about the same issues although its not an oscommerce site being hacked. Take a look at the following: http://www.pivotlog.net/forum/viewtopic.ph...46fa2349c19024f I found the files mentioned in fourm abouve in 2 places so far: includes/languages/english admin/includes/backup Anyone ever run into this before??? Any idea what they are after???
♥Vger Posted April 7, 2007 Posted April 7, 2007 Tha forum posting points out that this only happens when folders have full permissions of 777 - which has always been a security risk. Your site should not run with folder permissions higher than 755. Vger
Monk Posted April 8, 2007 Author Posted April 8, 2007 Tha forum posting points out that this only happens when folders have full permissions of 777 - which has always been a security risk. Your site should not run with folder permissions higher than 755. Vger Yeah....i checked the file permissions and only one folder had 777 but was not "infected" A 404 check program also returned about 100 noexistent pages buried in the images folder. Pages like: http://www.mysite.com/images/Christmas/Orn...tore-video.html
♥Vger Posted April 8, 2007 Posted April 8, 2007 Are you using the most up to date version of osCommerce 2.2 MS2 from the downloads section at www.oscommerce.com? Does your hosting company use cPanel? If so they may be using an out of date or unpatched version which is subject to the cPanel injection exploit. If this is the case then removing the injected files from your website won't do anything because they can be injected again. In the meantime if the 'images' folder does have permissions of 755 then make sure that the images inside it don't have permissions higher than 644. Vger
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.