BarrySmith Posted April 26, 2009 Posted April 26, 2009 Hi, Please can you visit my website. You will noticed that it has been hacked into. fortunately at the moment I have not taken any orders so all is okay. Can anyone advise if this person actually exploited a loophole within oscommerce and also measures to ensure this does not happen again. I am really worried out this issue so any help would be most appreciated. Thanks and regards. Barry. I have built an online store solely with the help of this forum.
GemRock Posted April 26, 2009 Posted April 26, 2009 more likely a loophole in the hosting server or week, easy to guess passwords. Ken commercial support - unProtected channel, not to be confused with the forum with same name - open to everyone who need some professional help: either PM/email me, or go to my website (URL can be found in my profile). over 20 years of computer programming experience.
Jan Zonjee Posted April 26, 2009 Posted April 26, 2009 Can anyone advise if this person actually exploited a loophole within oscommerce This is not a loophole. You: A. Did not rename your admin folder to something not so easily guessable B. You did not add .htaccess protection to that directory. So first do A. and then do B. You put the name of your new shop everywhere (also as a link in your signature which is against our forum rules) so I would be quick with the renaming if I were you.
spooks Posted April 26, 2009 Posted April 26, 2009 http://www.oscommerce.com/forums/index.php?showtopic=313323 Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
BarrySmith Posted April 26, 2009 Author Posted April 26, 2009 http://www.oscommerce.com/forums/index.php?showtopic=313323 Thanks for the repsonses. I have removed my site form my signiture. Apologies for breaking the forum rules on this issue. Regarding the admin folder, I thought it had to be called admin I presume this is not the case then? I have built an online store solely with the help of this forum.
Guest Posted April 26, 2009 Posted April 26, 2009 Thanks for the repsonses. I have removed my site form my signiture. Apologies for breaking the forum rules on this issue. Regarding the admin folder, I thought it had to be called admin I presume this is not the case then? No, you can rename it anything, just adjust the configure.php files.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.