75Designs Posted May 14, 2007 Share Posted May 14, 2007 My website was hacked by bruce of "1923 TURK GRUP". The index.php file in catalog was deleted and an index.html page was added in. The page said hacked by bruce of 1923 TURK GRUP and then some more text that seemed to be turkish.Couldn't find a translator for it. Anyways my admin section is passworded as well as all ftp accounts. I'll change all of my passwords as well as the e-mail password that the accounts are linked to. Anyone seen this before? any clue where they slipped in? maybe a security patch to prevent this?? Thanks a lot. Link to comment Share on other sites More sharing options...
usernamenone Posted May 14, 2007 Share Posted May 14, 2007 Do you have the latest updates unstalled? If this is an older version there is a security hole in the contact us. Download the latest version and follow the step by step update in the "update-20060817.txt" Link to comment Share on other sites More sharing options...
75Designs Posted May 14, 2007 Author Share Posted May 14, 2007 I am running: osCommerce 2.2-MS2 PHP Version 4.3.11 Linux 2.6.19.2-UP MySQL 4.1.20-max-log Link to comment Share on other sites More sharing options...
usernamenone Posted May 15, 2007 Share Posted May 15, 2007 oscommerce2.2-MS2 and oscommerce-2.2ms2-060817 only say 2.2ms2 in your application_top.php and your server report, the only way to tell which version you have is to compare the files that were updated in the June 07 version. My guess is that your server was hacked and that is why only your index.php file was deleted and the hacker placed a html index in its place. You still need to find out if you have an updated version. I am running:osCommerce 2.2-MS2 PHP Version 4.3.11 Linux 2.6.19.2-UP MySQL 4.1.20-max-log Link to comment Share on other sites More sharing options...
b0se Posted May 15, 2007 Share Posted May 15, 2007 Just to clarify - MS2.2-060817: is this version already fixed/protected? Link to comment Share on other sites More sharing options...
usernamenone Posted May 15, 2007 Share Posted May 15, 2007 yes Link to comment Share on other sites More sharing options...
amatkins Posted May 15, 2007 Share Posted May 15, 2007 I've had this same message on non-oscommerce sites. I found that the actual "home" page was not deleted...they just added other Home pages (ending in html, htm, asp, etc). Just re-upload the real index.php page and delete the other pages it put up there. Contact your hosting company and let them know they got through. Link to comment Share on other sites More sharing options...
75Designs Posted May 16, 2007 Author Share Posted May 16, 2007 I did, they were the first ones I called. I changed my passwords around but i'm not sure what else to do. as for the version number i'll look into it Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.