osCommerce

The e-commerce.

File Manager


peterbuzzin


Hi,

Have found on a few of my stores that File Manager is being used maliciously to upload files (php files hidden in images folder) and place obfuscated javascript within the head tag of pages.

This was brought to my attention after a few customers reported AVG warnings when they visited the sites.

To solve this I've deleted all file_manager.php pages from all of my stores (in my case it was an unused feature) and added lines to .htaccess so that scripts won't run from the images folder.

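A read-only audit for the two things the post above describes (a leftover file_manager.php and PHP hidden in the images folder), added here as an example and not code from this thread or from osCommerce. The extension list, the default `images` directory name and the reason labels are assumptions.

```python
import os

# Assumed list of extensions a PHP-enabled server may execute; match it to your handler config.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar", "cgi", "pl"}
# Leading bytes of the image types a store's images folder normally holds.
IMAGE_MAGIC = {
    "jpg": (b"\xff\xd8\xff",), "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",), "gif": (b"GIF87a", b"GIF89a"),
}

def classify(name, data):
    """Return the reasons a file in the images folder looks suspicious (empty list if none)."""
    exts = name.lower().split(".")[1:]
    reasons = []
    if exts and exts[-1] in SCRIPT_EXTS:
        reasons.append("script-extension")
    elif any(e in SCRIPT_EXTS for e in exts[:-1]):
        reasons.append("script-extension-before-final")  # e.g. logo.php.jpg
    if exts and exts[-1] in IMAGE_MAGIC:
        if not data.startswith(IMAGE_MAGIC[exts[-1]]):
            reasons.append("not-a-real-image")
        if b"<?php" in data.lower():  # short tags (<?=) are not covered here
            reasons.append("php-tag-in-image")
    return reasons

def audit_store(store_root, images_dir="images"):
    """Walk the store; report suspicious files under images_dir and any file_manager.php."""
    store_root = os.path.abspath(store_root)
    img_root = os.path.join(store_root, images_dir)
    findings = {}
    for dirpath, _dirs, files in os.walk(store_root):
        in_images = os.path.commonpath([img_root, dirpath]) == img_root
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, store_root).replace(os.sep, "/")
            reasons = []
            if name.lower() == "file_manager.php":
                reasons.append("file-manager-present")
            if in_images:
                with open(path, "rb") as fh:
                    reasons += classify(name, fh.read())
            if reasons:
                findings[rel] = reasons
    return findings

if __name__ == "__main__":
    import sys
    for rel, why in sorted(audit_store(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(rel, ", ".join(why))
```

A clean result does not show the store is uncompromised; it only covers the images folder and the file name mentioned in the post, not injected JavaScript in page templates.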


The issue has been known for some time, you must apply all measures given here to be safe.

Sam


Archived

This topic is now archived and is closed to further replies.
