osCommerce

my store was hacked, I want to make sure everything is ''clear''


masvv

Posted

so my store was hacked (in fact hosting was hacked) and the hacker had access to my cpanel, ftp, admin folder of the store. I want to know in which file the hacker could have added code to be able, for example, to receive all e-mails sent by the store to people that make an order (so he could receive order e-mails as I receive them).

Is there something in the cpanel he could have added to always get my password from there?

my e-mail that receives orders is [email protected], I searched for it in store database, nothing suspicious at all but I am scared the hacker is still accessing my info.

 

also is it possible to have an ip log of ips that accessed my cpanel and the folder admin in the store?

Posted

Export database and recreate the store. PHP codes (one liners) could be added to each line, and also, your account information in configure.php would be always available if you intend to manually clean the files, exposing your store to one more hack.

 

Even if they have stored anything in database, they need code to execute and fetch the info for them, so rest assured, you don't have to worry about entry in database.

 

CPanel is controlled by your hosting provider, so unless their security is breached, hackers can't modify them to get your credentials now.

Best Regards,
Gaurav

Posted

ok, I will try that but what if I try to search in each file of the store, what should I search for? a @? a ''send form''?

do you know in which tables of the db there should be a ''@'' or a ''.com''? so I can compare the number customers e-mails to the number of e-mails saved in database, each registered customer means 1 or 2 e-mail (e-mail and MSN register fields).

 

I am asking you that cause if I find out he is trying to steal my data, I will sue him

 

ty vm for the help man

Posted

There are so many scripts, to be honest that you can't trace them just by search, unless you run a file comparison for each file with the original to see what new code has been inserted, or know each hack that may be embedded in scripting languages. It could be additional iframes and other script hacks, and I am afraid a search for text like @ or email id's / strings wouldn't take us far....

 

As I mentioned regarding entries in database, if they have simply replaced customer id with their own, they can't do anything with that id, as long as you make the codes redundant (by fresh install), and if you have a recent backup of database, install that to ensure no new fields, updates in database come in picture after new install.

 

Get raw access logs from your ISP to trace down the culprits, and I am not sure if there is Net Police to register a complaint (gives me an idea to start a site on that :) )

 

HTH

Best Regards,
Gaurav
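
The file comparison against the original release suggested in the reply above, as an added example that is not part of the thread: it hashes a pristine copy of the store's files and the live copy, then lists files that were modified, added or are missing. The file names and contents built in `demo()` are constructed, and treating only `includes/configure.php` as an expected per-site difference is an assumption.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_trees(clean_root, live_root, expected_diff=("includes/configure.php",)):
    """Report files changed, added or missing relative to the pristine copy.
    expected_diff: files that differ on every site (assumed: the config file)."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    shared = (set(clean) & set(live)) - set(expected_diff)
    return {
        "modified": sorted(f for f in shared if clean[f] != live[f]),
        "added": sorted(set(live) - set(clean)),
        "missing": sorted(set(clean) - set(live)),
    }

def demo():
    """Build two small constructed trees in a temp directory and compare them."""
    files = {
        "index.php": "<?php require('includes/application_top.php'); ?>\n",
        "includes/configure.php": "<?php define('DB_SERVER', ''); ?>\n",
        "checkout_process.php": "<?php /* order mail code */ ?>\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            for rel, body in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(body)
        # Constructed changes standing in for what an intruder might leave.
        with open(live / "checkout_process.php", "a") as fh:
            fh.write("<?php /* appended line */ ?>\n")
        (live / "images").mkdir()
        (live / "images" / "cache.php").write_text("<?php /* unexpected */ ?>\n")
        # A per-site difference that is expected and therefore not reported.
        (live / "includes" / "configure.php").write_text("<?php /* site values */ ?>\n")
        return compare_trees(clean, live)

if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

On a real store, `clean_root` would be an unpacked copy of the same release plus the same add-ons, and anything under "added" inside upload or image folders deserves the first look.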

Posted

''updates in database come in picture after new install.''

what do you mean by that?

 

''Get raw access logs from your ISP to trace down the culprits''

how do I do that?

 

ty man

Posted

Assuming I inserted something in database. To extract it from database, I need something in the front-end (i.e. PHP) to fetch data from database, that I can abuse. Thus the first statement, that any change in database made by hacker would not be useful after fresh install since the front end code would not be available to them anymore.

 

Raw access logs - each server (ISP / Hosting Company) maintains logs for daily site activity. Ask your hosting company to share the logs with you, if the person who hacked your site has a fixed IP (or a range), you can block him / her using htaccess file. Based on IP you can also find out which country they came from and what all pages / links did they visit. It gives a little more information for you to identify hackers, or at least safeguard your interests.

Best Regards,
Gaurav
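
One way to work through the raw access logs described above, as an added example that is not part of the thread: it groups requests to the admin folder by client IP and leaves out addresses you know to be your own. It assumes the Apache combined log format and an admin path of `/admin/`; the log lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Apache "combined" log format (assumption: the hosting company's raw
# access logs use it).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines; the addresses come from documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2010:09:14:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.45 - - [12/Mar/2010:09:15:10 +0000] "GET /admin/login.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.45 - - [12/Mar/2010:09:15:31 +0000] "POST /admin/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.45 - - [12/Mar/2010:09:16:02 +0000] "GET /admin/orders.php HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2010:10:01:44 +0000] "GET /admin/index.php HTTP/1.1" 200 3300 "-" "Mozilla/5.0"
this line is truncated and does not parse
"""

def admin_hits(log_text, admin_prefix="/admin/", known_ips=()):
    """Group requests under admin_prefix by client IP, skipping known_ips.
    Returns ({ip: [(time, method, path, status), ...]}, unparsed_count) so
    malformed lines are counted instead of silently dropped."""
    hits, unparsed = defaultdict(list), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1
            continue
        if m["path"].startswith(admin_prefix) and m["ip"] not in known_ips:
            hits[m["ip"]].append(
                (m["time"], m["method"], m["path"], int(m["status"])))
    return dict(hits), unparsed

if __name__ == "__main__":
    # 192.0.2.10 stands in for the store owner's own address.
    found, bad = admin_hits(SAMPLE_LOG, known_ips={"192.0.2.10"})
    for ip, reqs in found.items():
        print(ip, len(reqs), "admin requests")
    print("unparsed lines:", bad)
```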

Archived

This topic is now archived and is closed to further replies.
