Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Hacked webshop


whereangelsfall

Recommended Posts

Hi!

 

Our webshop was hacked the other day, and now looks like this: http://shop.whereangelsfall.com/shop/

 

Does anybody know if we'll have to set up everything all over again? I've managed to forget how to log onto the admin area since I had the link favourited on another computer. *grin* :-"

 

Also.. this was a first timer. Does anybody have any tips as to how this might've happen and how to prevent it in the future?

 

Hope somebody is able to help! :)

Link to comment
Share on other sites

Your admin is here:

 

http://shop.whereangelsfall.com/shop/admin

 

If you had the latest version of osC and "permissions" set correctly (folder = 755 files = 644) this isn't supposed to be possible.

 

It's also possible this wasn't your fault, but an exploit in the server itself.

 

If you can find the code modifications, you may not have to start over.

 

How about comparing source files with your most recent backup?

:unsure:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Your admin is here:

 

http://shop.whereangelsfall.com/shop/admin

 

If you had the latest version of osC and "permissions" set correctly (folder = 755 files = 644) this isn't supposed to be possible.

 

It's also possible this wasn't your fault, but an exploit in the server itself.

 

If you can find the code modifications, you may not have to start over.

 

How about comparing source files with your most recent backup?

:unsure:

 

Thanks for linking the admin area. I feel kind of silly not to know that even. ;)

 

As for the latest version and permissions... I'm pretty sure the permissions were set correctly, but I most probably don't have the latest version installed.

 

Would the code modifications I'm looking for be in the index file? Backup isn't my strongest side, so in some ways I probably needed this to learn. heh..

 

 

Thanks again for the reply!

 

EDIT: Ok. I just logged in to the admin area. *cough* It looks exactly the same. These guys really did their job. ;)

Link to comment
Share on other sites

The most obvious place to start is your /shop/index.php file.

 

There may also be changes in the DB and other source files as well.

 

Another source of hacking can be vulnerabilities in any mod's you installed.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

If you Google this: Hacked By SLFAR & Cyber_Error you come up with a list, and most of them have nothing to do with osCommerce.

 

That implies a server vulnerabilty in my book, and not a "shortfall" in osC code.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

If you Google this: Hacked By SLFAR & Cyber_Error you come up with a list, and most of them have nothing to do with osCommerce.

 

That implies a server vulnerabilty in my book, and not a "shortfall" in osC code.

 

Hm.. So you're saying it's the server itself which have been hacked, and there's nothing really I can do to fix it then?

 

That would probably explain why the admin area looks the same too I suppose?

Link to comment
Share on other sites

All I'm saying is that IF it's a server problem, "fixing" your website may not do any good, 'cuz it could happen again.

 

Of course, the people that run the server will probably tell you it's an osC problem just to cover their backsides.

 

I'm really not sleuth enough to tell you how to prove one way or the other.

 

The first place would be to see what's in the server log for your site.

 

That will tell you who's been into what, and when.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

All I'm saying is that IF it's a server problem, "fixing" your website may not do any good, 'cuz it could happen again.

 

Of course, the people that run the server will probably tell you it's an osC problem just to cover their backsides.

 

I'm really not sleuth enough to tell you how to prove one way or the other.

 

The first place would be to see what's in the server log for your site.

 

That will tell you who's been into what, and when.

 

Hmm.. I think I fell off somewhere here. Not sure how to access the server log. :-"

And I think the main website and the webshop are run on two different servers for some reason.

Link to comment
Share on other sites

Some web hosts give you access to a "shmancy-fancy" interface to see what's in your server log.

 

Some may require you to find your own way in. There are free server log viewing programs you can install.

 

All that's in the log is a record of what files were accessed and what time and from what IP address.

 

You may (or may not) be able to find out "how and when" they got in.

 

It would be a huge help if you knew approximately what time ("time" being the exact day) it was hacked.

 

That would just enable you to concentrate on a much narrower part of your server log.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

There have been a large bunch of server hacks where all index.XXX files are changed. I had it happen to my sites. Many times, the hacks just try to add online viagra sites but they are so poorly executed that they don't work but report virus or trojan notices to your customers.

 

The easiest way to fix it is to just go in and delete the current index files and replace them with known good ones. Then, scream at your hosting service to fix the server vulnerabilities! They know what they are!

Link to comment
Share on other sites

It's also possible this wasn't your fault, but an exploit in the server itself.

true, as on the normal server usually installed firewall to protect the websites & server it self against hackers attacks.

Please read this line: Do you want to find all the answers to your questions? click here. As for contribution database it's located here!

8 people out of 10 don't bother to read installation manuals. I can recommend: if you can't read the installation manual, don't bother to install any contribution yourself.

Before installing contribution or editing/updating/deleting any files, do the full backup, it will save to you & everyone here on the forum time to fix your issues.

Any issues with oscommerce, I am here to help you.

Link to comment
Share on other sites

  • 3 months later...

I just found out from this forum http://www.ozzu.com/hosting-forum/hosting-...rce-t45717.html that oscommerce has vulnerabilities because of register_globals

 

...here "Register globals are a "directive" within php. The world is moving away from register globals - if they arent used properly, they can create vulnerabilities...

As of php 4.2.0, register globals is off by default in php - previously, they were on by default. Alot of applications still rely on register globals and as such, we are in a bit of a transition period. Some hosts choose to have them off, however, the majority are keeping them on for now - simply because alot of the more common apps still require them (ie osCommerce) You can read more about this here: http://ca3.php.net/register_globals

Andrew - http://www.cartikahosting.com "

 

So how can one use osCommerce and be protected?

Link to comment
Share on other sites

I just found out from this forum http://www.ozzu.com/hosting-forum/hosting-...rce-t45717.html that oscommerce has vulnerabilities because of register_globals

 

...here "Register globals are a "directive" within php. The world is moving away from register globals - if they arent used properly, they can create vulnerabilities...

As of php 4.2.0, register globals is off by default in php - previously, they were on by default. Alot of applications still rely on register globals and as such, we are in a bit of a transition period. Some hosts choose to have them off, however, the majority are keeping them on for now - simply because alot of the more common apps still require them (ie osCommerce) You can read more about this here: http://ca3.php.net/register_globals

Andrew - http://www.cartikahosting.com "

 

So how can one use osCommerce and be protected?

 

 

REPEATING OURSELFS ARE'NT WE!!

 

osC has been compatible with register globals off for some time. You`ve just joined should'nt you check things out first!!

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...