forumsviewer Posted July 31, 2008

So my friend's osCommerce website got hacked, or at least has an open bug. He said that he received an email from someone asking for money to fix problems on the site and attached a list of data from the customers table in the database. My friend said that the list of customers in the database was correct, so he definitely had access to either the osCommerce backend or the database itself.

What type of measures can he take? How can he find the IP address or any relevant information about this hacker? Could it possibly be a bug or just not a secure enough password, or maybe not properly protecting configure.php in includes?

Any information would be greatly appreciated. You can ask any questions and I'll get the answers from him if you need additional info. Thank you.
spooks Posted July 31, 2008

Check your site logs in cPanel; error logs will often show hacking attempts. Also look in stats for frequent visitors.

You can prevent any injection attacks with Security Pro http://addons.oscommerce.com/info/5752
You can monitor sites for unauthorised changes with SiteMonitor http://addons.oscommerce.com/info/4441
You can block illicit access attempts with IP trap http://addons.oscommerce.com/info/5914
You can add htaccess protection http://addons.oscommerce.com/info/6066
You can stop Cross Site Scripting attacks with Anti XSS http://addons.oscommerce.com/info/6044

Also make sure that all files, except for the two configure.php files, have permissions no higher than 644. The permissions for the two configure.php files will vary according to the server your site is on - it could be 644, 444 or 400 which is correct. Permissions on folders should be no higher than 755. If your hosting setup demands permissions of 777 on folders then change hosts.

Sam

Remember, What you think I ment may not be what I thought I ment when I said it.
Contributions: Auto Backup your Database, Easy way; Multi Images with Fancy Pop-ups, Easy way; Products in columns with multi buy etc etc; Disable any Category or Product, Easy way; Secure & Improve your account pages et al.
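The permission rules in the post above, turned into a check you can run over a catalog tree. This is an added example, not code from the thread or from any osCommerce add-on; the directory layout and file names it builds are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread or any osCommerce add-on): audit a catalog
# tree against the rules given above. Files should be no higher than 644 and
# directories no higher than 755; the two configure.php files are skipped
# because their correct mode is host-specific (644, 444 or 400).

# Print regular files carrying any bit beyond 644 (owner x, group w/x,
# other w/x), then directories writable by group or other.
audit_perms() {
  find "$1" -type f ! -name configure.php -perm /133
  find "$1" -type d -perm /022
}

# Number of offending entries; zero means the tree passes.
audit_count() { audit_perms "$1" | wc -l | tr -d ' '; }

# Constructed sample tree: one world-writable file and one 777 directory.
make_sample_tree() {
  d=$(mktemp -d)
  mkdir -p "$d/catalog/includes" "$d/catalog/admin/includes" "$d/catalog/images"
  : > "$d/catalog/index.php"
  : > "$d/catalog/includes/configure.php"
  : > "$d/catalog/admin/includes/configure.php"
  : > "$d/catalog/customer_testimonials.php"
  chmod 644 "$d/catalog/index.php"
  chmod 400 "$d/catalog/includes/configure.php"          # exempt from the check
  chmod 444 "$d/catalog/admin/includes/configure.php"    # exempt from the check
  chmod 666 "$d/catalog/customer_testimonials.php"       # too loose: flagged
  chmod 755 "$d/catalog" "$d/catalog/includes" "$d/catalog/admin" "$d/catalog/admin/includes"
  chmod 777 "$d/catalog/images"                          # too loose: flagged
  echo "$d"
}

# Stand-alone demo: build the sample tree, list what the audit flags, clean up.
SAMPLE=$(make_sample_tree)
audit_perms "$SAMPLE"
rm -rf "$SAMPLE"
```

Point `audit_perms` at the real catalog directory instead of the sample tree; an empty result means every file and folder meets the rules above.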
forumsviewer (Author) Posted August 1, 2008

How does one upgrade when you have a lot of custom development? The host has said that the version that we are running of the shopping cart software is back a bit. There are exploits in it, he said. How would I get this fixed? Anyone here want a job? :)
forumsviewer (Author) Posted August 1, 2008

The exploits have to do with using the URL to access certain tables in the database. I guess these are called "holes" or "exploits"? How would I know how to fix them? With a lot of custom development and changes in the coding, how would one upgrade successfully?
forumsviewer (Author) Posted August 1, 2008

UPDATE: I have come to realize that what they used was a SQL injection, specifically with customer_testimonials.php. Does the osCommerce website have all of the SQL injection security threats listed anywhere?
sLaV- Posted August 1, 2008

> UPDATE: I have come to realize that what they used was a SQL injection, specifically with customer_testimonials.php. Does the osCommerce website have all of the SQL injection security threats listed anywhere?

customer_testimonials.php?? That's not a standard osCommerce file, is it??
forumsviewer (Author) Posted August 1, 2008

spooks - one of your contributions listed actually mentions the customer_testimonials.php exploit. However, I was curious if there are any others that I should be aware of, or if we are good by just installing all of those security contributions.
spooks Posted August 1, 2008

Most of your questions were dealt with in my initial answer.

Security Pro will stop injection attacks, including SQL; the htaccess protection will stop most other attacks and block known bad bots/IPs.

Yes, testimonials is a well known hacking route; perhaps you should remove it.

With reasonable coding knowledge and familiarity with osC it would be quite feasible to upgrade; you must take care though. The best way is to set up a duplicate, upgrade that, then when fully working transfer, then no disruption or risk of downtime.

The law requires you to secure customer info, so you must take all steps to that end.

Sam
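The thread says the injection came in through the URL and that the first advice was to read the server logs, so here is a small log scan that picks such requests out of an Apache-style access log and keeps the client IP beside them. This is an added example, not code from the thread or from Security Pro; the log lines and the match patterns are my own constructions.

```shell
#!/bin/sh
# Added example (not from the thread or any osCommerce add-on): flag access-log
# requests whose query string looks like SQL injection, keeping the client IP
# so the source can be identified. Sample log and patterns are constructed.

# Print "ip ... request" for every hit whose decoded request carries a SQL
# keyword pattern. Only the request field is decoded and matched, so ordinary
# page views (even ones containing the word "union") stay quiet.
sqli_hits() {
  awk -F'"' '{ print $1 $2 }' "$1" \
  | sed -e 's/%27/'"'"'/g' -e 's/%20/ /g' -e 's/+/ /g' -e 's/%2[cC]/,/g' -e 's/%28/(/g' \
  | grep -iE "union[ ]+(all[ ]+)?select|'[ ]*(or|and)[ ]+|information_schema|into[ ]+outfile|sleep\("
}

# Number of suspicious requests; a quick threshold for an alert.
sqli_count() { sqli_hits "$1" | wc -l | tr -d ' '; }

# Constructed sample log: two normal hits and one injection attempt.
make_sample_log() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
203.0.113.5 - - [31/Jul/2008:10:12:01 +0000] "GET /catalog/customer_testimonials.php?testimonials_id=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [31/Jul/2008:10:12:44 +0000] "GET /catalog/customer_testimonials.php?testimonials_id=3%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 5301 "-" "Mozilla/5.0"
198.51.100.7 - - [31/Jul/2008:10:13:10 +0000] "GET /catalog/advanced_search_result.php?keywords=red+union+jacket HTTP/1.1" 200 7744 "-" "Mozilla/5.0"
EOF
  echo "$f"
}

# Stand-alone demo: build the sample log, show what gets flagged, clean up.
SAMPLE=$(make_sample_log)
sqli_hits "$SAMPLE"
rm -f "$SAMPLE"
```

Run `sqli_hits` against the real access log (cPanel's raw access logs are in the same combined format) to get the offending requests and their source addresses.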
forumsviewer (Author) Posted August 1, 2008

spooks - yes, we are going to upgrade. For now, we needed a temporary fix and found one so that the hack, as I have read it, does not work on customer_testimonials.php. Does the hack or anything extremely similar work on other pages by default? I just want to close this hack quickly and then start the upgrading over the weekend on a dev server, then go into production.
forumsviewer (Author) Posted August 1, 2008

spooks (or anyone else): I just installed Security Pro. I have enabled it in the admin backend. How can I test to ensure that it is working? I tried browsing around the website and everything is functional. However, I want to make sure that it is actually working.
spooks Posted August 3, 2008

> spooks (or anyone else): I just installed Security Pro. I have enabled it in the admin backend. How can I test to ensure that it is working? I tried browsing around the website and everything is functional. However, I want to make sure that it is actually working.

Go to your search form and put in the query [w](o)%3Cr%3Ek|i*n^g

You should then find the query searched is 'working'.

And also try putting in this URL http://www.mysite.co.uk/catalog/advanced_s...)%3Cr%3Ek|i*n^g

It should give the same result.

Sam