oscommerce vulnerability?

[pamamolf]

Please check what they did on our shop :(

 

hackmarket.com

 

Any info about this?

[pamamolf]

Error log:

 

[21-Jul-2010 00:15:11] PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cookie - headers already sent by (output started at /home/hackmark/public_html/includes/configure.php:31) in /home/hackmark/public_html/includes/functions/sessions.php on line 102

[21-Jul-2010 00:15:11] PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cache limiter - headers already sent (output started at /home/hackmark/public_html/includes/configure.php:31) in /home/hackmark/public_html/includes/functions/sessions.php on line 102

[21-Jul-2010 00:15:11] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/hackmark/public_html/includes/configure.php:31) in Unknown on line 0

 

 

They found a way to add this code at the bottom of every php file...

 

Is there a way to not allow that?

[Guest]

Dimitris,

 

You should have read this:

 

http://www.oscommerce.com/forums/topic/313323-how-to-secure-your-site/

 

and this:

 

http://www.oscommerce.com/forums/index.php?showtopic=340995

 

 

If you had applied the security patches and installed some of the security contributions, the hacker would have had a much harder time hacking apart your site.

 

But, since there was no security you will need to restore a known good back up and then apply the security measures above.

 

 

Chris

[pamamolf]

Do you think that those security measures will help on the current problem?