eveorgan Posted June 12, 2010 Share Posted June 12, 2010 My site was hacked by a 'Tunisian Algerian hacker' who goes by the name of the 'Net Decrypter'. After some investigation, it turns out the suspect file was an 'index.html' file - once we deleted this, the homepage of the site went back to normal and continued to function normally. The problem is, every time we fix the problem, he hacks the site again - it just keeps happening. A long-term fix is needed - I'd really like to find out how to stop this from happening again and prevent him from doing this, as obviously it looks terrible if that's what people see when they log on to the site - a hack message. Does anybody have any idea what I can do about this, or whether there are any add-ons/upgrades/newer versions of oscommerce that would help with is/some fix that I can implement in my current version that would prevent him from getting in? I'm using version 2.2. Any replies or wisdom would be much appreciated. :) Eve x Link to comment Share on other sites More sharing options...
germ Posted June 12, 2010 Share Posted June 12, 2010 How to Secure Your Site If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Jan Zonjee Posted June 12, 2010 Share Posted June 12, 2010 How to Secure Your Site But start with this post. Link to comment Share on other sites More sharing options...
MrPhil Posted June 12, 2010 Share Posted June 12, 2010 If the hacker is merely inserting an "index.html" file into your site (and the server search order picks it up ahead of "index.php"), there are a number of possibilities. He may be using your osC "File Manager" to plant files -- get rid of File Manager and Define Language per instructions. He may be into your Admin directory -- rename and password protect it per instructions. He may have spyware on your PC used to maintain the site, and knows your password as soon as you type it in. Do a spyware scan to rid your PC of keystroke loggers and password sniffers. Change all passwords (server access, FTP, osC admin account) regardless of whether you found anything. Your server may be suffering an intrusion at a higher level -- consult with your hosting company if you can't stop the attacks. If you have other applications on your server, they may be out of date and vulnerable to hackers -- update them (as well as osC) to the latest version. If all he's doing is inserting "index.html", and you're on an Apache server, you might consider adding a line to your .htaccess file to tell it to look for "index.php" before "index.html": DirectoryIndex index.php index.html index.htm Also make sure you have Options -Indexes so that a hacker can't browse your image directories, etc., that don't have an index file. Link to comment Share on other sites More sharing options...
eveorgan Posted June 13, 2010 Author Share Posted June 13, 2010 Thanks so much everyone for the help - it's much appreciated. :) i have a few questions - MrPhil - where would i insert the "DirectoryIndex index.php index.html index.htm" in the .htaccess file? (On what line, etc) - I know a little coding but i'm not an expert. :) Just wondering where I would need to insert it? And same with the Options - Indexes - where does that go - in the same .htaccess file? And finally - Is anyone using the version 3.x of Oscommerce, and do you find that it helps with the security issues? I'm afraid that if i upgrade it it may make everything worse. Just wondering if anyone's tried upgrading after being hacked, and how it worked for you. Thanks again for the help so far, everyone. :-) Eve x Link to comment Share on other sites More sharing options...
eveorgan Posted June 13, 2010 Author Share Posted June 13, 2010 P.S. I have been told by a tech-savvy friend that he thinks the hack was a 'javascript injection' hack - and that the hacker just used a form on my site to send some code that would create the index.html file. Don't know if that affects how I should go about this? I think MrPhil maybe you're right and I simply need to stop the system from paying attention to the index.html file. It would be nice if he couldn't get in and hack the site in the first place though! :( x Link to comment Share on other sites More sharing options...
MrPhil Posted June 13, 2010 Share Posted June 13, 2010 You could insert the new lines anywhere in .htaccess, provided it's not in the middle of something else. For safety, add them at the very end of the file. That eliminates the possibility of breaking something else. Check that you don't already have some form of either command (DirectoryIndex or Options) in the file. Don't even consider going to osC 3.0. It's only "alpha" level, and far from ready for a production store, especially for anyone who knows nothing about PHP. "Javascript injection"? I suppose that's possible, but "MySQL injection" and "PHP injection" are far more common attacks. Be sure to do a search on this forum regarding "security", and follow instructions of "hardening" your site against hackers. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.