Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Phishing attack this past weekend


ismq

Recommended Posts

Hi,

 

My site was attack the weekend and I and my hosting company got an email from a Bank in Italy.

 

The attacker put code into the /images dir. The image dir requires wide open permissions to work allowing someone to dump code in to the site.

 

1) Any solutions to block this access to the /images dir?

 

Also they were able to change the protections on the files placed in my site so that I could not delete them with FTP. How did they do that and how can I protect against it in the future?

 

Thank in advance for the advice

Link to comment
Share on other sites

Hi,

 

My site was attack the weekend and I and my hosting company got an email from a Bank in Italy.

 

The attacker put code into the /images dir. The image dir requires wide open permissions to work allowing someone to dump code in to the site.

 

1) Any solutions to block this access to the /images dir?

 

Also they were able to change the protections on the files placed in my site so that I could not delete them with FTP. How did they do that and how can I protect against it in the future?

 

Thank in advance for the advice

 

Normally you cannot delete folders because they have ht access or similar. If you can use linux command line you can create a script to kill the whole file. You can still delete some files then delete the ht access etc from your web hosting panel. Dont know about the images bit. I cannot access my images folder, but they show up, is that not a permissions thing? ask your host if they could suggest settings.

Link to comment
Share on other sites

osC only requires those permissions on the images file when you are uploading an image. At all other times it need not be writeable. Probably you have to change the permissions on the file before you can delete it. If your host has CPanel then such things are easier to do rather than using ftp.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...