Site hacked - Running v2.2 RC2

[mammuten]

Someone uploaded a "index.html" file in the OSCommerce directory.

 

I run "v2.2 RC2".

 

Is there a later version, I noticed that I could download a version named "oscommerce-2.2rc2a".

 

Is that the same version or a new one?

[Guest]

Jan,

 

V2.2 RC2a is a new version and has some security updates available for it to make it more secure.

 

 

 

Chris

[mammuten]

Thanks for your reply. I jjust downloaded the new version and looked at upgrade.htm

 

Do I need to make the changes in the files myself or how do I upgrade?

[Guest]

Jan,

 

Yes, there are file edits to be done to complete the upgrade to RC2a

 

 

Chris

[mammuten]

Thanks!

Ok, so I cant just upload the changed files and everything will be fine?

[Guest]

Jan,

 

Make sure you make a complete backup of your files and database before doing any changes.

 

 

 

Chris

[mammuten]

Isnt threre any more simple way to update? This is crazy!

I really have to edit all those files by hand?

[Guest]

Jan,

 

 

That's why I say, creating a new site is usually less time consuming that trying to update one.

 

 

 

 

Chris

[♥FWR Media]

Firstly - the changes between RC2 and RC2a are tiny so I certainly wouldn't build a new site just to accommodate those changes.

 

Secondly - It won't make a jot of difference to the hack. If someone was able to upload a file to your catalog directory then you should be working with your hosts to find out how and why.