TaylorATM Posted January 2, 2010

I am having an issue with a spammer being able to use OSCommerce to send out mail using my OSCommerce. My host started my account over, I then reinstalled OSCommerce fresh, I reimported my database, and the hacker is still using my account. That made me believe that the spammer was able to put script in my database somehow. Has anyone had this issue and what text should I search my database for to see if I can locate the malicious script?

germ Posted January 2, 2010

By any chance do you have 'Allow Guest To Tell A Friend' or 'Allow guests to tell a friend about a product' set to true in your admin? :unsure:

Both of those need to be false to keep spambots from using that as a vehicle to spam everyone and their brother. With it false only registered members can use that and registering is something spambots don't normally do.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.
"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me -

TaylorATM Posted January 3, 2010

I hope you are right. Since I have made the change there have been no emails sent by the spammer. I will update if I get any more. Thanks for your help.

spongeworthyinaz Posted January 4, 2010

> By any chance do you have 'Allow Guest To Tell A Friend' or 'Allow guests to tell a friend about a product' set to true in your admin? :unsure: Both of those need to be false to keep spambots from using that as a vehicle to spam everyone and their brother. With it false only registered members can use that and registering is something spambots don't normally do.

I found "Allow Guest To Tell A Friend" and changed it to "False" last night. I looked and couldn't find "Allow guests to tell a friend about a product". Another batch of "SPAM" was sent out this morning. Where do I find the second one to change?

TIA, Chris

James McLain Posted January 7, 2010

> I found "Allow Guest To Tell A Friend" and changed it to "False" last night. I looked and couldn't find "Allow guests to tell a friend about a product". Another batch of "SPAM" was sent out this morning. Where do I find the second one to change? TIA, Chris

You may have a code insertion attack. That is, someone or something has inserted a block of code into the executable (PHP) files of your cart. Look for lines that start with eval(Base64_Decode("jbljaluurl23j4....jUJ33"). This is more than likely foreign code and it is very dangerous. If it is in your files it can do everything that YOU can do on the web site: send emails, get passwords, credit card numbers, try to infect visitors' machines with viruses, etc. I am working on an infected site now and though I got rid of all of these bad snippets one day, they all came back. This system also hides code in the MySQL database table; I'm not sure where or even if it is the same place. Search on these forums for more information.

James.

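An added example, not part of the original thread or of osCommerce: one way to search a site tree and a database dump for the eval(Base64_Decode(" pattern James McLain describes. It goes beyond the literal string by matching any letter case, extra spaces and an intermediate decoder call; the file suffixes and the sample files are assumptions constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# eval( ... base64_decode( in any letter case and spacing, optionally with
# other function calls (e.g. gzinflate) nested between the two.
PATTERN = re.compile(
    r"eval\s*\(\s*(?:@?\w+\s*\(\s*)*base64_decode\s*\(", re.IGNORECASE)
SCAN_SUFFIXES = {".php", ".inc", ".sql"}  # assumption: adjust to your site


def scan_tree(root):
    """Return sorted (relative_path, line_number, excerpt) for every hit."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        # errors="replace": tampered files are not always valid UTF-8
        text = path.read_text(encoding="utf-8", errors="replace")
        for number, line in enumerate(text.splitlines(), start=1):
            match = PATTERN.search(line)
            if match:
                excerpt = line[match.start():match.start() + 60]
                hits.append((path.relative_to(root).as_posix(), number, excerpt))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample files; the quoted strings are inert placeholders."""
    root = Path(root)
    (root / "includes").mkdir()
    (root / "includes" / "header.php").write_text(
        "<?php\n"
        'eval(Base64_Decode("ZWNobyAnaGknOw=="));\n'
        "require('includes/application_top.php');\n")
    # Clean file: base64_decode without eval must not be reported.
    (root / "index.php").write_text(
        "<?php echo base64_decode($row['img']);\n")
    # Stand-in for a mysqldump export (table name is made up).
    (root / "dump.sql").write_text(
        "INSERT INTO sample_table VALUES (1, "
        "'<?php EVAL ( gzinflate( base64_decode(\"ZWNobyAnaGknOw==\")));');\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel_path, number, excerpt in scan_tree(tmp):
            print(f"{rel_path}:{number}: {excerpt}")
```

A hit is a line to inspect and compare against a clean copy of the same file, since the construct alone does not prove tampering. Running the scan against an exported dump covers the database side that the reimported data would otherwise carry back in.
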
inkmaker Posted March 4, 2010

> I am having an issue with a spammer being able to use OSCommerce to send out mail using my OSCommerce. My host started my account over, I then reinstalled OSCommerce fresh, I reimported my database, and the hacker is still using my account. That made me believe that the spammer was able to put script in my database somehow. Has anyone had this issue and what text should I search my database for to see if I can locate the malicious script?

I have had the same attack. A directory was inserted into my Catalog directory. Ok, changed the "Tell a guest . . ." to False. Now I need to change the login AND the password to the Admin. How do I do that? :blush:

greeneggs Posted March 4, 2010

Use phpMyAdmin, go into the user table, change your login, make sure your email is correct, then go to the login page and click on the forgot password link. You will get sent a link to reset your password.

inkmaker Posted March 4, 2010

> Use phpMyAdmin, go into the user table, change your login, make sure your email is correct, then go to the login page and click on the forgot password link. You will get sent a link to reset your password.

I don't know where this "Login" page is. My browser has the passwords and login info stored and it goes straight to the Admin page. I changed my password in MySQL management and then went into the includes -> configure.php and changed it there as well. That got the job done.

There are some things that need to be done to protect the Catalog Directory. Any help would be appreciated. Also, I deleted the file related to Allow Guest To Tell A Friend just in case someone has it bookmarked and can get into it that way.

Charles H

spooks Posted March 4, 2010

There is a well known hack that allows a hacker to access your pages without any passwords, I'm surprised there seems to be no mention of that here. If you follow the procedure detailed in the OP of http://www.oscommerce.com/forums/index.php?showtopic=313323 esp the admin stuff, you will be immune.

Sam
Remember, what you think I meant may not be what I thought I meant when I said it.

inkmaker Posted March 4, 2010

> I don't know where this "Login" page is. My browser has the passwords and login info stored and it goes straight to the Admin page. I changed my password in MySQL management and then went into the includes -> configure.php and changed it there as well. That got the job done. There are some things that need to be done to protect the Catalog Directory. Any help would be appreciated. Also, I deleted the file related to Allow Guest To Tell A Friend just in case someone has it bookmarked and can get into it that way. Charles H

WELL! That made things worse! Now the Catalog won't connect to the database. I guess there is a password in there as well. I'll have to search all night to find that one . . .php

Anyone know where it is?

inkmaker Posted March 4, 2010

> WELL! That made things worse! Now the Catalog won't connect to the database. I guess there is a password in there as well. I'll have to search all night to find that one . . .php Anyone know where it is?

I found the error - I knocked off a ")" when I edited the password in configure.php

Great to have a backup even if it is a month old!

Charles H :blush:

Archived
This topic is now archived and is closed to further replies.