Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Site hacked causing popup


Guest

Recommended Posts

Today I'm getting a popup asking to install an add-on when I access my Admin or Catalog. Checking through my Host file manager, I find that the htdocs and Index have been modified at 3am today. I'm not sure what I'm looking for in the Index to see if anything was added. Site is www.webberaerialimaging.com/catalog Not sure what the popup is but it triggers my virus checker as a Trojan

 

Any assistance is greatly appreciated!

 

Thanks,

 

Mark

Link to comment
Share on other sites

I've checked over both Index files(catalog and admin) and cannot find what was added. I'm wondering if it's possible to just replace my current Index files with a clean version. Also, is it possible to download just the index files from here?

 

Thanks,

 

Mark

Link to comment
Share on other sites

This does only seem to affect the index pages. Product pages do not generate the popup. Can anyone check my index for unwanted code? No matter how long I stare at it, I don't see the problem.

Link to comment
Share on other sites

I reckon that whole iframe shouldn't be there.

 

A quick google around suggests that the x-traff.info site is a deploy vector for malware.

 

Presumably, somebody has written the iframe to your php files.

Link to comment
Share on other sites

Ok, I've removed the whole iframe. Site seems to function normally now. I can only figure that it was accessed via the admin. Is it possible to change the Admin file name to make it more difficult for hackers in the future to locate my admin page?

 

EDIT: Seems I was wrong. Recent access is still pulling a popup for that site. Must be multiple entries. Oh Boy...

Link to comment
Share on other sites

Ok, I've removed the whole iframe. Site seems to function normally now. I can only figure that it was accessed via the admin. Is it possible to change the Admin file name to make it more difficult for hackers in the future to locate my admin page?

 

EDIT: Seems I was wrong. Recent access is still pulling a popup for that site. Must be multiple entries. Oh Boy...

 

 

Yes you can rename your admin folder to anything you want it to be. You just need to be sure to change the path in your config files.

Link to comment
Share on other sites

Probably Your system wher You are doing PHP development has been attacked and it will write to PHP files.

So unaware You will be uploading these files.

 

Try some antivirus or other solutions to clear You PC.

Take this seriosly as some visitors might get afraid and will never visit Your site plus some search engines may ban Your site if malwares/trojens reported.

 

Satish

Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site.

 

Check My About US For who am I and what My company does.

Link to comment
Share on other sites

I have not done any work on the site, particularly at the time this all occured. I have checked over my compter, in any case. Thank you for the suggestion.

 

Pardon my ignorance, but which and how many config files need the paths changed if I rename the Admin?

 

I also cannot locate where to change my login/password.

 

Thanks for all the help, so far.

 

Mark

Link to comment
Share on other sites

Finally got it all cleaned out. Every Index file was infected(wow, there are a lot of them). All pages on the Admin and Catalog sides load w/o the popup.

 

Now, for new security measures. How to change Admin and reset login/password?

Link to comment
Share on other sites

Now, for new security measures. How to change Admin and reset login/password?

 

If memory serves, you can just use your FTP client to rename the admin directory. I don't think there are any paths to change.

 

Your server administration / control panel may have a tool for writing new .htaccess / .htpasswd files.

Link to comment
Share on other sites

I did see a few config files that had defined 'admin'.

 

I'll check the server control panel. Don't recall seeing that tool, but I'll check.

 

Thanks

 

Edit: Got the password changed on the server control panel. Thanks for that! I remain a bit concerned about renaming the admin file w/o changing any of the paths.

Link to comment
Share on other sites

If memory serves, you can just use your FTP client to rename the admin directory. I don't think there are any paths to change.

 

Your server administration / control panel may have a tool for writing new .htaccess / .htpasswd files.

If you rename the folder on your hard drive and ftp it to the server, you'll need to make sure you also delete the old admin folder from the server and change the path to admin in the admin folder cofiguration file.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...