Someone hacked my site....


mase2hot

Hi,

 

Someone with plenty of time hacked my site today: http://www.jcdcgadgets.co.uk/shop/. It was only a test site while I messed around with a template. The only place where I had published the URL was this forum, so probably some nutter who saw it here, as the site was only live since Friday.

 

Anyone have any ideas on how this was done? I'm a little concerned that if it's easy to hack, then when I get my site up and running the same thing could happen...

 

Any advice would be great. My ISP is quite secure, well I think it is...lol


There's a PHP file in your images folder (c99.php).

 

Did you put it there?

 

Do you have any folders with 777 permissions? They should be no higher than 755.

 

Improper permissions is the easiest way to get hacked.

:blush:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >


c99.php, no I didn't. How did you find it though among the amount of files I had?

I was told to include a .htaccess file in the root of the images directory when this happened to me. Here's a copy:

 

# secure htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>

# disable directory browsing
Options -Indexes

# secure directory by disabling script execution:
# map script extensions to the CGI handler, then switch CGI off,
# so requests for those files are refused instead of executed
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI

 

 

Apparently only works on Apache servers.

 

What exactly happens when they plonk files in this directory? I guess they run a script which mines all your data and squirts it back to the b*****s?

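The two checks suggested in the replies above (a PHP file sitting in the images folder, and folders with 777 permissions) can be scripted. This is an added example, not part of the original thread: the extension list follows the AddHandler line in the posted .htaccess (minus .htm), and the function names and the constructed sample tree are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Extension list follows the AddHandler
# line in the .htaccess above (minus .htm); function names are hypothetical.

# Print files under $1 whose extension marks them as server-side scripts.
find_scripts() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.pl' -o -iname '*.py' \
        -o -iname '*.jsp' -o -iname '*.asp' -o -iname '*.shtml' \
        -o -iname '*.sh' -o -iname '*.cgi' \) | sort
}

# Print directories at or below $1 that anyone can write to (e.g. mode 777).
find_world_writable_dirs() {
    find "$1" -type d -perm -0002 | sort
}

# Report both findings for $1; return 1 if anything was found, 0 if clean.
audit_dir() {
    scripts=$(find_scripts "$1")
    writable=$(find_world_writable_dirs "$1")
    rc=0
    if [ -n "$scripts" ]; then
        printf 'Script files where only images belong:\n%s\n' "$scripts"
        rc=1
    fi
    if [ -n "$writable" ]; then
        printf 'World-writable directories (755 is the ceiling):\n%s\n' "$writable"
        rc=1
    fi
    return "$rc"
}

# Build a constructed sample tree of empty placeholder files; print its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/images/uploads" "$root/images/banners"
    : > "$root/images/logo.gif"
    : > "$root/images/c99.php"          # empty stand-in for the dropped file
    : > "$root/images/uploads/x.PHP"    # upper-case extension is still caught
    chmod 755 "$root/images" "$root/images/banners"
    chmod 777 "$root/images/uploads"
    printf '%s\n' "$root"
}

# Scan the directory given as $1, or the constructed sample tree if none.
target=${1:-$(make_sample_tree)}
audit_dir "$target" || echo "Findings above need review."
```

Run it against the real images directory from cron or after each upload session; a non-empty report on a folder that should hold only pictures is the signal to investigate.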

It may be best to get your site wiped & restore from backup. I've noticed that sometimes these hackers add seemingly innocuous stuff, but put nasty viri, worms, backdoors etc. hidden away.

 

Also:

http://www.oscommerce.com/forums/index.php?showtopic=313323

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.


Archived

This topic is now archived and is closed to further replies.
