
Another Phishing Attack!


srober


I just checked my email and my hosting company just informed me that they had to take my site down. This is the second time they have done this in a month. I have been battling phishing content being put on my site for 6 months. This time I started from scratch and built a new store with the latest version of osCommerce. This time they put the content in catalog/ext/modules/payment/worldpay/worldpay (the 2nd is the phishing content). If I remember correctly, this path didn't exist in the older version of osCommerce I had. Is this a documented problem, or am I the first? This is stressing me out.


Even though I have no responses, I'm going to update you anyway because... well, I'm desperate and ready to cross 4 states to my hosting company for their lack of help.

Three times since I started this message I have been informed by my hosting company that they were forced to shut the site down due to phishing issues. OK, that's fine, except I have not added any files to the freshly created public_html file they created for me. I changed the password early this morning, and twice since then the files that the hosting company moved into a backup folder have mysteriously been restored to the public_html folder. Now how does that happen? My hosting company (Ace-host) doesn't seem to understand the problem. They keep referring to osCommerce having some bad scripts that the hacker is probably injecting the phishing content through.

OK, if that's the case, then how are they able to access my account and restore all the files that they themselves moved? I'm not server smart and don't know how all that works, and I feel as if they are giving me the runaround because of my lack of knowledge.


It sounds like your hosting company don't know how to secure the server your site is on. They may be using an out of date version of cPanel which allows penetration of all websites via the root of the server.

Provided you do the following you should not have any problems with osCommerce security:

1. Make sure that permissions on all folders are no higher than 755 (777 is full permissions and a major security risk).

2. Make sure that all files have permissions of 644 (no higher), except for the two configure.php files which should have permissions of either 644, 444 or 400 (which setting is correct depends on your server setup).

3. Rename the osCommerce 'admin' folder to something unique (not admin2 or newadmin), and edit the two references in admin/includes/configure.php from /admin/ to /new_name/

4. Password protect the newly renamed 'admin' folder via your web hosting control panel - any previous protection will have been removed when you renamed the folder.

5. If you are using vRC1 or RC2 of osCommerce then do not rely on the osCommerce admin login page as this can be cracked - you need to protect the folder as well.

6. Remove the file_manager.php file from the 'admin' folder, and remove this line from admin/includes/boxes/tools.php:

'<a href="' . tep_href_link(FILENAME_FILE_MANAGER) . '" class="menuBoxContentLink">' . BOX_TOOLS_FILE_MANAGER . '</a><br>' .

If they still get in - find a new host.

Vger
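
The permission and file-manager checks from the list above, written as an audit script. This is an added example, not part of the original post and not osCommerce code; the admin folder name shop_mgr_x7 and the sample tree are constructed, and "no higher than" is read here as "no permission bits outside the stated mode".

```python
import os, stat, tempfile

DIR_MAX, FILE_MAX = 0o755, 0o644        # limits from steps 1 and 2
CONFIGURE_OK = {0o644, 0o444, 0o400}    # modes step 2 allows for configure.php

def audit(root, admin_dir):
    """Return sorted (relative path, problem) pairs for the tree under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                # a symlink's own mode says nothing
            mode, rel = stat.S_IMODE(st.st_mode), os.path.relpath(path, root)
            if stat.S_ISDIR(st.st_mode):
                if mode & ~DIR_MAX:     # any bit outside rwxr-xr-x
                    findings.append((rel, f"directory is {mode:03o}, above 755"))
            elif name == "configure.php":
                if mode not in CONFIGURE_OK:
                    findings.append((rel, f"configure.php is {mode:03o}"))
            elif mode & ~FILE_MAX:      # any bit outside rw-r--r--
                findings.append((rel, f"file is {mode:03o}, above 644"))
            if name == "file_manager.php" and os.path.basename(dirpath) == admin_dir:
                findings.append((rel, "file manager still present (step 6)"))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample tree with four deliberate problems."""
    root = tempfile.mkdtemp()
    layout = {                          # relative path -> mode
        "catalog/includes/configure.php": 0o444,
        "catalog/images/upload.php": 0o666,
        "catalog/shop_mgr_x7/includes/configure.php": 0o666,
        "catalog/shop_mgr_x7/file_manager.php": 0o644,
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.chmod(path, mode)
    for dirpath, _dirs, _files in os.walk(root):
        os.chmod(dirpath, 0o755)        # fixed modes, whatever the umask
    os.chmod(os.path.join(root, "catalog/images"), 0o777)
    return root

if __name__ == "__main__":
    for rel, problem in audit(build_sample_tree(), "shop_mgr_x7"):
        print(f"{rel}: {problem}")
```
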


I may have to find a new host fast. This site is primarily used to register participants for an event that will be held in March. This is about the peak time for everyone to register. I will do the following. I have used the cPanel password anyway, as I wasn't sure how much I could trust the admin password add-on in the latest version.

I'm just waiting for their latest response to my ticket. To me it's all pointless to restore the website when in my eyes the server is being hacked, because someone else is restoring all the files to the public_html directory.

Does anyone suggest a host to use? In reality I only need one for less than 2 months, as I will probably be going to a web-designer-for-dummies package that hosts and gives you their web building software, or, if I can find one, a prebuilt event/registration site I can upload to a server and run ourselves, as it will be cheaper in the long run than using an event planner site every year, as their fees are pretty high.


Thanks for the help


They offered to start my account over on a new server. I suppose that's better than nothing; I just hope this fixes the issues for at least the next two months. Of course they suggested I upgrade my plan. I am waiting to see what the difference is security-wise, because all the extra garbage won't benefit me.

I am thinking about using the Site Monitor contribution. Anyone have any experience with it?

http://addons.oscommerce.com/info/4441


Site Monitor is good because it will let you know if someone drops something hidden into your site.

But you won't know about it until it's already happened, and then only if you remember to run it... unless you set it up to run regularly in your cron file.

It won't prevent anyone from breaking in though.

 

Ed
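
What a scheduled integrity check of the kind described above does, reduced to its core: record a hash baseline, then report files that were added, removed or changed. This is an added example, not the Site Monitor contribution's code; the paths and file contents in demo() are constructed, with the dropped folder placed under worldpay/ as in the first post.

```python
import hashlib, json, os, tempfile

def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            digests[os.path.relpath(path, root)] = digest
    return digests

def compare(baseline, current):
    """Return the paths added, removed and changed since the baseline."""
    both = baseline.keys() & current.keys()
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "changed": sorted(p for p in both if baseline[p] != current[p])}

def check(root, manifest):
    """First run records the baseline and returns None; later runs return drift."""
    current = snapshot(root)
    if not os.path.exists(manifest):
        with open(manifest, "w") as fh:
            json.dump(current, fh, indent=1, sort_keys=True)
        return None
    with open(manifest) as fh:
        return compare(json.load(fh), current)

def put(path, text):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed scenario: files appear under worldpay/ after the baseline."""
    root = os.path.join(tempfile.mkdtemp(), "public_html")
    manifest = os.path.join(os.path.dirname(root), "baseline.json")  # outside web root
    pay = os.path.join(root, "catalog/ext/modules/payment/worldpay")
    put(os.path.join(root, "catalog/index.php"), "<?php // store front\n")
    put(os.path.join(pay, "callback.php"), "<?php // constructed placeholder\n")
    first = check(root, manifest)
    put(os.path.join(pay, "worldpay/index.html"), "constructed dropped page\n")
    put(os.path.join(root, "catalog/index.php"), "<?php // edited\n")
    return first, check(root, manifest)

if __name__ == "__main__":
    print(demo())
```

When check() is run from cron, the manifest belongs outside the web root, so that whoever can write to public_html cannot also rewrite the baseline.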


Back to the original post: are there any known security issues in the catalog/ext/modules/payment/worldpay directory, as this was the first encounter with the phishing content? All other phishing content was located outside the catalog folder.
