srober, posted October 30, 2007
I'm getting constant emails, all coming from the UK, that my site is getting hacked or hijacked by phishers. It's absolutely embarrassing and it's destroying my trust with clients. They are in catalog/image, catalog/upload, and a couple of files that I myself added. What do I do? My stomach turns every time I check my email now. I have had this site running for 3 years and this has never been a problem until now. Most of the mimic sites are a bank called Halifax. Thanks

srober (author), posted October 30, 2007
I just realized there is no catalog/upload in the original osCommerce catalog. How are they doing this?

digilee, posted October 30, 2007
Errr, you are being sent an email from who? A customer or a scammer?

srober (author), posted October 30, 2007
> Errr, you are being sent an email from who? A customer or a scammer?
Supposedly the email is coming from someone that has been sent the link to check out themselves. I have random files being created within osCommerce that mimic actual websites. All I have been doing in the last month is deleting such files and changing the permissions as a temporary fix. Until now I thought it was a security issue within osCommerce! But I just noticed a new file has been created on the server that is not even in the catalog folders that is a phisher file, so I just emailed the web host company about it. This could have been an issue on their side all along! I hope so they can fix it!

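A baseline comparison for the situation srober describes above (files and a catalog/upload directory that are not in the stock osCommerce catalog, plus changed permissions), added here as an example and not code from any poster or from osCommerce. It assumes a pristine copy of the same release can be unpacked next to the live web root; the function names and the sample trees built in `demo()` are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile


def manifest(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    found = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            with open(full, "rb") as handle:
                found[os.path.relpath(full, root)] = hashlib.sha256(handle.read()).hexdigest()
    return found


def audit(clean_root, live_root):
    """Compare the live web root with a pristine unpack of the same release."""
    clean, live = manifest(clean_root), manifest(live_root)
    writable = [os.path.relpath(os.path.join(folder, name), live_root)
                for folder, dirs, _files in os.walk(live_root) for name in dirs
                if os.stat(os.path.join(folder, name)).st_mode & stat.S_IWOTH]
    return {
        "added": sorted(set(live) - set(clean)),  # files the release never shipped
        "modified": sorted(p for p in clean if p in live and clean[p] != live[p]),
        "world_writable_dirs": sorted(writable),  # any local account can write here
    }


def demo():
    """Constructed sample trees (not the poster's site): one planted file, one edit."""
    base, old_umask = tempfile.mkdtemp(), os.umask(0o022)
    trees = {
        "clean": {"catalog/index.php": "shop", "catalog/images/logo.gif": "GIF"},
        "live": {"catalog/index.php": "shop, edited", "catalog/images/logo.gif": "GIF",
                 "catalog/upload/login.html": "constructed lookalike page"},
    }
    for tree, files in trees.items():
        for rel, body in files.items():
            path = os.path.join(base, tree, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as handle:
                handle.write(body)
    os.umask(old_umask)
    os.chmod(os.path.join(base, "live", "catalog", "images"), 0o777)
    return audit(os.path.join(base, "clean"), os.path.join(base, "live"))
```

Files you added on purpose (a contribution, product images) will also show up under "added", so review the list rather than deleting from it blindly.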
digilee, posted October 30, 2007
It's nothing to do with OSC per se, more likely a security breach on your server itself. I would speak (as in telephone, not email) to your hosting company immediately.

DejaVu, posted October 30, 2007
First thing to do is change your username/passwords for access to the server: FTP/control panels. I would have done this first though to see if it solves the issue. Just in case you're wondering, Halifax is a legit bank in the UK (if you're from the US or elsewhere and never heard of it!). See http://www.halifax.co.uk to check the layouts. Also, if they are mimicking the bank, report it to them as they WILL investigate as a priority. They are a very reputable bank in the UK!

srober (author), posted October 30, 2007
I changed the password last week and it happened afterwards.

germ, posted October 30, 2007
Changed all your .htaccess passwords? :unsure: And it's not beyond the realm of possibility that some PC you regularly use to access your site has some sort of trojan or keylogger stealing information and passing it along. Security is just like a chain... Only as strong as the weakest link... >_<
If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

♥Vger, posted October 31, 2007
If the server is insecure then you can take all the security measures you like and it will still happen. These sorts of hacks occur between 2 and 4 times a year with cPanel because it has no jailed root and poor security.
Vger

srober (author), posted October 31, 2007
> If the server is insecure then you can take all the security measures you like and it will still happen. These sorts of hacks occur between 2 and 4 times a year with cPanel because it has no jailed root and poor security. Vger
Their response is to make sure my scripts are updated? That they are probably code injection the files, I have no idea what that means. Ace-Host is the web host if anyone is interested or knows their reputation.

Archived
This topic is now archived and is closed to further replies.