Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

My Site is attacked and Help


dansino

Recommended Posts

Hi guys,

 

My website: www.officeconsumables.com.au

 

Recently, I found there is a problem:

 

when I use the google, search for keywords, such as "canon g&g Ink Sydney"

I was redirected to another site.

4415534326_0f5b52a237_b.jpg

 

then pop up a window

 

4415534492_b76628b168_b.jpg

 

But this issue just happen One time everyday, and then, after that, looks normal.

 

I had been to Cpanel, found the CPU Usage is very high.

 

anyone can tell what's happen to the site?

 

Thanks very much!

 

Dansino

Link to comment
Share on other sites

It would appear your site has been hacked & is linking to a fake anti virus site.

 

Disable your site now (google will do so soon too if you don't take action)

 

Check all your site files against your last uploaded ones & check any altered ones for hackers code.

 

Once you have confirmed the hack, , get host to wipe site & restore with your backup, then add security.

 

 

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

I would guess you're a victim of this hack

 

I looked at a page cache of your in google and it had many hiddem spam links in the source.

 

If I visit the page myself the links don't show up.

 

The hackers have it coded to show their junk only when search engines spider the site. They probably are keying on IP addresses.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

I would guess you're a victim of this hack

 

I looked at a page cache of your in google and it had many hiddem spam links in the source.

 

If I visit the page myself the links don't show up.

 

The hackers have it coded to show their junk only when search engines spider the site. They probably are keying on IP addresses.

 

Thanks Jim, what should I do for this website, following this:?

------------------------------------------------------------------------------------------------

To clean your site you have two options,

1, delete the entire set of PHP files on your server, (this hack will infect every single PHP file regardless of where it belongs, i.e non osC files will also be infected)

And restore from a good back up. This is the best and easy route.

 

2, You need to find the source of the files that have been placed on your server, they are always hidden well away from the top level, to do this you need to copy the top line and paste it to a Base 64 decoder, I have my own file for this but you will be able to use any of many on the internet, here is one

 

This will reveal the location of the files you have to remove, note that it could be from 1 file to upto 30, and in some cases they will overwrite the files that should be in the host folder.

 

Once this is done, and the original files are restored, you have to go through every single PHP file and remove the code from the top line, I suggest you use a search / replace tool for this or its going to take you a very long time!

 

When this has been done it will be good practice to “drop” your database, and upload a recent backup you took prior to infection, also check that there are no new users on the database, I’ve not come across this yet, but have heard it happens.

 

Now your site is free on the code, you need to prevent it from happening again.

 

-----------------------------------------------------------------------------------

 

Thanks very much!

Dansino

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...