Woke up today, all my images are gone. Folder is just empty.

[kdogg]

Woke up today, all my pictures for my OS commerce site are just gone. This happened to someone else I know recently too.

 

Whats going on with this? The image directory is just empty. This wiped out all my product pictures, site headers, etc.

[FIMBLE]

HiCheck with you host to see if they have carried out any work on the domain, look in your error logs for an indication of what may have happened.

Nic

[kdogg]

I did, they said no.

 

They seem to think its an OS Commerce exploit because it happened to one of there other customers running OS Commerce too. They told me to come ask here.

[FIMBLE]

I did, they said no.

 

They seem to think its an OS Commerce exploit because it happened to one of there other customers running OS Commerce too. They told me to come ask here.

 

OK, can you paste a copy of your index.php file on here?

Also what is your URL?

Nic

[kdogg]

OK, can you paste a copy of your index.php file on here?

Also what is your URL?

Nic

 

I would rather send it to someone privately then to post it here. :)

[MrPhil]

What permissions are your directories, particularly the emptied-out one(s)? If you keep your directories "world writable" (777) any other user on your server can erase all your files on a whim. Directories should be 755 until proven guilty (osC complains that it can't write to a directory); then try 775 and then 777. See http://www.oscommerce.com/forums/index.php?showtopic=327395&view=findpost&p=1443272

[FIMBLE]

What permissions are your directories, particularly the emptied-out one(s)? If you keep your directories "world writable" (777) any other user on your server can erase all your files on a whim. Directories should be 755 until proven guilty (osC complains that it can't write to a directory); then try 775 and then 777. See http://forums.oscomm...dpost&p=1443272

 

If you dont post it then we cant help you, individual assistance helps you but not other with the same / similar problem who need help

NIc

[kdogg]

Looks like the directory is set to 644

[FIMBLE]

Looks like the directory is set to 644

 

See if you have code like this at the top of your files

 

<?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKC

Nic

[MrPhil]

Looks like the directory is set to 644

The directory is 644? That won't work! It should be 755. At least you'll be able to see the files in your directory. Now, how did it get to 644? Could someone have hacked your site?

[kdogg]

The directory is 644? That won't work! It should be 755. At least you'll be able to see the files in your directory. Now, how did it get to 644? Could someone have hacked your site?

 

Hi guys, I'm sorry I haven't posted anything yet but thats part of the reason I didn't. I'm wondering if we got hacked.

 

Lucky for me, I'm somewhat paranoid so I keep ALL user data including payment stuff on another server but this is semi annoying none the less. I mean keep backups but still.

 

I changed the permissions back to 755 and it seems to have made pictures show. Seems the dir was not empty. However, I'm still missing a LOT of pictures and I don't know where they went.

 

I'll post the info you guys requested at soon as I figure some things out.