Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Over 9.000 Files That Shouldn't Be There


Guest

Recommended Posts

Hi.

 

I have a problem and I'm not sure whether it's related to osc or not.

At Google Webmaster Corner , where I submiotted my sitemap, I have over 9.000 pages not found.

And those pages aren't even on my site! I think something generates them but I can't imagine what.

 

All of them are like this:

 

http://www.muccelmic.com/Airport.cfm?pt=2&...p;kt=4&kp=1

 

only instead of Airport there are other words. And in the last few weeks Google seems to be a little upset with me, I'm not indexed so good anymore. The site is SITE

 

If anyone can help or at least give me a clue what to do to understand this I'd be grateful. Thank you.

Link to comment
Share on other sites

It sounds like your website may have been exploited - perhaps with the Open Redirect exploit.

 

Make sure that your site is fully up to date with all of the bug fixes and security patches issued in the last two version of osCommerce 2.2 MS2.

 

Go to downloads at www.oscommerce.com and download the latest version and you'll find manual update files also included.

 

Also, FTP to your website and go through every folder - making sure that your FTP programme is set to show all 'hidden' files. Look especially in .htaccess files to see what is actually written in them.

 

Any files you find which you are certain have nothing to do with your website - delete.

 

Vger

Link to comment
Share on other sites

Also - check permissions on your folders. No folder should have permissions of 777 - this is Read, Write, Execute for everyone, and a major security risk.

 

Folders should have permissions of 755 and files of 644 (except for the two configure.php files which have their own permissions depending on your hosting).

 

Your webiste is also serving up files via the cgi-bin - so check in there also.

 

Vger

Link to comment
Share on other sites

Well, until now I checked all the files and folders and there doesn't seem to be anything extra, not even hidde.

The cgi-bin folder is empty.

I had some folders with 777, but put them on 755.

 

Now I'll do the manual update.

 

The .haccess files seem to be ok...

 

But something is clearly wrong somewhere. The bandwith limit of my site is often exceeded and now I'm guessing it isn't ok - I don't think I'm so good. :rolleyes:

 

Is there enuthing else to do? I wonder when will Google change something again in the list of not found pages... bnecause I don't see any other way to check if those links are still there...

 

Oh, and these links don't appear in the sitemap for my site.

Link to comment
Share on other sites

Using a file comparison program such as Araxis Merge (45 day free trial) will help find things. Using a program such as that you can compare your files against a clean copy of osC (from the download area) and see if there are any extra files in your site and also compare differences between yours and a clean osC. You will have to download a backup of your site and osC to do this.

 

Do everything Vger suggested also.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...