Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Site Hacked


Guest

Recommended Posts

Posted

I have a friend with a Oscommerce site that has sent an email to it's customer base.

It is the newer release.

 

I have read the other thread containing the security updates we need to do.

So I'll give that to him.

 

My question is, if only an email has been sent is it necessary to restore the site?

 

Sorry, if this is a stupid question. I just wondered because it's an email as opposed to

recurring code (such as the google link that keeps appearing in the other thread).

 

Also, how do I email the customer database to aplogize for the spam, etc.

 

Any help would be appreciated.

 

P.S. I accidentally put this post in another forum, so I am not posting in multiple forums intentionally. I will try to get the other post removed and at least put a note on it to reply here.

Posted

If you have someone who can spot "rogue code" look over every file in every folder and verfiy the hackers haven't left behind any malicious entities, a complete restore may not be necessary.

 

That's just my opinion, for what it's worth.

 

That's not as "foolproof" as a restore from a so called "clean backup", but if you can't spot "rogue code" how can you be absolutely certain the backup is "clean" knowing full well that this vulnerability has existed for some length of time?

:unsure:

 

Kind of a "catch-22"...

:blush:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Posted

If you have someone who can spot "rogue code" look over every file in every folder and verfiy the hackers haven't left behind any malicious entities, a complete restore may not be necessary.

 

That's just my opinion, for what it's worth.

 

That's not as "foolproof" as a restore from a so called "clean backup", but if you can't spot "rogue code" how can you be absolutely certain the backup is "clean" knowing full well that this vulnerability has existed for some length of time?

:unsure:

 

Kind of a "catch-22"...

:blush:

 

I understand your point. This guy's site is very static with very low orders so I can probably get him to go back pretty far for his backup and it won't really impact him. There's a big thread down in security with someone else having the problem so I'll take a look at that.

 

Thanks for answering!

Posted

If you have someone who can spot "rogue code" look over every file in every folder and verfiy the hackers haven't left behind any malicious entities, a complete restore may not be necessary.

 

That's just my opinion, for what it's worth.

 

That's not as "foolproof" as a restore from a so called "clean backup", but if you can't spot "rogue code" how can you be absolutely certain the backup is "clean" knowing full well that this vulnerability has existed for some length of time?

:unsure:

 

Kind of a "catch-22"...

:blush:

Posted

I always answer your posts when I think I can help.

 

You're one of the nicest persons on the forum and I think you have just about the cutest avatar I've ever seen!!!

:rolleyes:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Posted

I always answer your posts when I think I can help.

 

You're one of the nicest persons on the forum and I think you have just about the cutest avatar I've ever seen!!!

:rolleyes:

 

Aw shucks, germ. Thanks for the compliment. You've helped me many times and I really appreciate it.

We better stop now, or someone will puke on our posts! *LOL.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...