CdoGG Posted December 17, 2007

I almost have my OSC site ready. I just need to install my webpayments pro module and FedEx module. I got a phone call from a security type company that monitors phishing sites for banks. They told me there is an illegal website posing as a UK bank to get people's passwords and logon info. They told me I was hacked. Sure enough, I looked at my server space and a new subdomain was made that I didn't put there. I deleted it. I changed all of my passwords. I plan to reformat and reload my OS on my PCs in case they got me with a keylogger or something. I think I am going to move to another host just to be on the safe side. I am still getting bounce backs in my email from where they use it to send out a ton of emails.

My question is, should I trash my OSC that I have worked so hard on and start over, or transfer it to my new host when I get it? Could they have compromised my OSC? I don't want my customers to be at risk. Also, does anyone know of a good host with unlimited add-on domains?

Thanks
C

digipete Posted December 17, 2007

Chris,

Sorry to hear about your intrusion. That's just plain creepy! I wouldn't "trash" the development you've put in, but if I were you, I would begin as clean as possible. In my humble opinion, when a hack like this occurs, your web host may be equally to blame. You might consider changing hosting companies as well.

Question - were you using a Cpanel hosting platform? Just curious.

Pete

NO Stress Posted December 17, 2007

That sucks!!! Did you make a backup on your host site? If you did, it may not be compromised and you can move that to your new host site. I use Simplehost.com. No frills but no limits either, and cheap. Tech support is good but not on OSC problems.

Hope this helps,
Crystal

dannyls Posted December 17, 2007

I may be able to help. I won't charge you a thing, just contact me and I'll let you know if anything is recoverable.

jamie1183 Posted December 17, 2007

I had the exact same problem, although it was not with oscommerce. I had a clone of paypal installed on my server. They get in through folders that have 777 write settings. You don't need to worry, they have not hacked your computer and you do not need to delete what you have done. Just simply find the folder they have installed, delete it, and find the folder they have accessed through. Your host should be able to do this for you. If you need any help with anything, please feel free to ask.

If you download all your files, delete the hosting account, and re-setup and reload all your files, that will be plenty.

The email thing is also a very common issue when using scripts. They somehow manage to use your email address to send out emails. I have had this on 3 accounts so far. I started deleting the accounts to start with, but then realized eventually they stop after a day or so.

Hope this helped
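
An added example, not part of any post in this thread: a shell audit for the two things the post above says to look for, the folder that was planted and the folders with 777 permissions. It assumes shell access to the hosting account; the function names and the expected-directories list file are hypothetical.

```shell
#!/bin/sh
# Added example: audit a web root after a defacement or phishing-kit upload.
# Function names and the "expected directories" file are assumptions.

# Directories writable by every local user (o+w, which includes mode 777).
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print | sort
}

# Script files sitting directly inside world-writable directories.
# Image and upload folders normally hold no PHP, so review every hit by hand.
scripts_in_writable_dirs() {
    world_writable_dirs "$1" | while IFS= read -r dir; do
        find "$dir" -maxdepth 1 -type f \
            \( -name '*.php' -o -name '*.phtml' \) -print
    done | sort -u
}

# Top-level directories that are not on a known-good list.
# $1 = web root, $2 = file with one expected directory name per line.
unexpected_top_dirs() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -print |
    while IFS= read -r d; do
        name=${d##*/}
        grep -qxF -- "$name" "$2" || printf '%s\n' "$name"
    done | sort
}

# Report mode: audit.sh <web-root> <expected-dirs-file>
if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
    echo "== World-writable directories =="
    world_writable_dirs "$1"
    echo "== Scripts inside world-writable directories =="
    scripts_in_writable_dirs "$1"
    echo "== Directories not on the expected list =="
    unexpected_top_dirs "$1" "$2"
fi
```

Directories that genuinely need to accept uploads can usually be tightened to 755 once the account owner and the web server user are the same; anything the audit lists that you did not create should be checked against the host's access logs before it is deleted.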

CdoGG (Author) Posted December 17, 2007

> Chris,
>
> Sorry to hear about your intrusion. That's just plain creepy! I wouldn't "trash" the development you've put in, but if I were you, I would begin as clean as possible. In my humble opinion, when a hack like this occurs, your web host may be equally to blame. You might consider changing hosting companies as well.
>
> Question - were you using a Cpanel hosting platform? Just curious.
>
> Pete

Yes, I was, and I know my password wasn't the greatest either. But I've changed that now. I am very new to OSC and PHP. I think I will move to another host. Now I just need to figure out how to transfer the OSC install.

jamie1183 Posted December 17, 2007

If you email me [email protected] I can speak to you about hosting. We have our own server and monitor it. I don't normally let people on it whose site I have not done, but email me and I'll help you out. I can transfer the site for you.

CdoGG (Author) Posted December 18, 2007

I contacted my host support. They tracked the IP that uploaded the site to Lebanon! It looks like that's all they did from what I can see on the logs. Support told me they think they just figured out my password. I must admit I had a lame and weak password... Not anymore :)

I think I will be ok... What do you guys think?

♥geoffreywalton Posted December 18, 2007

Include numbers and a mixture of upper and lower case letters.

Do not use words in a dictionary.

Those 2 tips should give you a much harder to guess password.

digipete Posted December 18, 2007

I think your host support is probably right - there's a fairly short list of passwords that people commonly use. Definitely use a cryptic password - letters and numbers, upper and lower.

I will definitely repeat my earlier advice. Change hosts. I take no glee in badmouthing anyone's service, but the vast majority of break-ins that I've heard about, plus my own experience, happened with servers running Cpanel. Your host support may have told you you're good to go, but that's their job. They want to keep you.

Remember, if this happens again and your customer's personal information is loosed among a network of bad guys, You're Liable! Don't mess around with this.

Just my $0.02

Pete

CdoGG (Author) Posted December 19, 2007

> I think your host support is probably right - there's a fairly short list of passwords that people commonly use. Definitely use a cryptic password - letters and numbers, upper and lower.
>
> I will definitely repeat my earlier advice. Change hosts. I take no glee in badmouthing anyone's service, but the vast majority of break-ins that I've heard about, plus my own experience, happened with servers running Cpanel. Your host support may have told you you're good to go, but that's their job. They want to keep you.
>
> Remember, if this happens again and your customer's personal information is loosed among a network of bad guys, You're Liable! Don't mess around with this.
>
> Just my $0.02
>
> Pete

Thanks for the advice. I think I will finish developing it and transfer it to a new server after I am done. Now I will just need to figure out how to do that. Thanks for the help everyone. I will probably post again when I am ready to make the move.

Jamie1183, I might take you up on that. I will contact you in a bit.

Thanks
Chris

Archived
This topic is now archived and is closed to further replies.