osCommerce

Hack through categories.php


aktur

Posted

Hello,

I've enabled write protection and logging on my host, and in the log I notice the following entries:

May 22 18:14:21

ausfuehrendes Script: ~/catalog/admin/categories.php ~/catalog/admin/categories

betroffene Datei: catalog/images/fsr.php

Vorgang: deny[create]

It means that categories.php tries to save in catalog/images/. I was following all the steps in protecting my site, but it seems that there are still leaks.

categories.php is in the admin folder. How is the hacker able to execute it without logging in as admin?

Posted

How is the hacker able to execute it without logging in as admin?

Not a clue, but it would be good to add an .htaccess to that directory with this code in it.

Paste it in a new file, remove line numbers of course. Upload it to the images directory as htaccess.txt and then rename it to .htaccess.

Posted

You've been hacked. This happened to me on a test website where I did not lock down the testing permissions from 777 to what they should have been. They will add iframes directed to malware content on another site. You may also have a new policy.php file and changes to one or more of your PHP files. I was running SiteMonitor so I saw this, and GoDaddy also alerted me that I was now on a Google malware list. I've now, sadly, had to go get rescanned by Google (you request this through your Web Developer interface in your Google account). Anyways, huge bother. I, too, had the fsr.php in the images directory.

This is a good reason to always sandbox your testing environments, so your money-making sites don't get brought down/tagged by Google.

I recommend you restore your source files, and make sure everything is locked down permissions-wise.
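
An added example, not part of the thread and not posted by any participant: it parses the host's write-protection log layout shown in the first post and flags attempts to create script-type files under an images directory. The sample log is constructed, and the function names and the extension list are assumptions.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: entry 1 mirrors the one in the first post, the others are invented.
SAMPLE_LOG = """\
May 22 18:14:21
ausfuehrendes Script: ~/catalog/admin/categories.php ~/catalog/admin/categories
betroffene Datei: catalog/images/fsr.php
Vorgang: deny[create]

May 22 18:20:02
ausfuehrendes Script: ~/catalog/admin/categories.php ~/catalog/admin/categories
betroffene Datei: catalog/images/product_42.jpg
Vorgang: deny[create]

May 23 09:01:10
ausfuehrendes Script: ~/catalog/admin/categories.php ~/catalog/admin/categories
betroffene Datei: catalog/images/thumbs/x.PHTML
Vorgang: deny[create]
"""

TIMESTAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}$")
FIELDS = {"ausfuehrendes Script": "script", "betroffene Datei": "file", "Vorgang": "action"}
# Assumption: extensions a typical Apache/PHP host may hand to the interpreter.
SCRIPT_EXT = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}

def parse_entries(text):
    """Split the log into dicts; blank lines between fields are tolerated."""
    entries, current = [], None
    for line in (l.strip() for l in text.splitlines()):
        if TIMESTAMP.match(line):
            current = {"time": line}
            entries.append(current)
        elif current is not None and ":" in line:
            label, value = line.split(":", 1)
            if label.strip() in FIELDS:
                current[FIELDS[label.strip()]] = value.strip()
    return entries

def suspicious(entry):
    """True when a script-type file is being created under an images directory."""
    path = PurePosixPath(entry.get("file", ""))
    # Every extension is checked: some handler setups treat name.php.jpg as PHP.
    return ("create" in entry.get("action", "")
            and "images" in path.parts[:-1]
            and any(s.lower() in SCRIPT_EXT for s in path.suffixes))

if __name__ == "__main__":
    for e in filter(suspicious, parse_entries(SAMPLE_LOG)):
        print(e["time"], e["file"], "via", e["script"].split()[0])
```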

Archived

This topic is now archived and is closed to further replies.
