Drapeta Posted August 19, 2010 Share Posted August 19, 2010 I have xx.php in general folder (public_html). It's hacked? HELP :) Link to comment Share on other sites More sharing options...
Guest Posted August 19, 2010 Share Posted August 19, 2010 Tom, Check ALL of your files for hacked code and eval base64 code. Usually the added files are called from hacked code within your standard OSC files. also read these: http://www.oscommerce.com/forums/index.php?showtopic=340995 http://www.oscommerce.com/forums/topic/313323-how-to-secure-your-site/ Chris Link to comment Share on other sites More sharing options...
Drapeta Posted August 19, 2010 Author Share Posted August 19, 2010 Tom, Check ALL of your files for hacked code and eval base64 code. Usually the added files are called from hacked code within your standard OSC files. also read these: http://www.oscommerce.com/forums/index.php?showtopic=340995 http://www.oscommerce.com/forums/topic/313323-how-to-secure-your-site/ Chris How can I check it? THANKS! Link to comment Share on other sites More sharing options...
Guest Posted August 19, 2010 Share Posted August 19, 2010 Tom, Check the most commonly hacked files......index.php and application_top.php and also look at files modification dates using your FTP. If you have recently modified files and you know you didn't modify them, that's a good indication that they have been compromised. Chris Link to comment Share on other sites More sharing options...
Drapeta Posted August 19, 2010 Author Share Posted August 19, 2010 Tom, Check the most commonly hacked files......index.php and application_top.php and also look at files modification dates using your FTP. If you have recently modified files and you know you didn't modify them, that's a good indication that they have been compromised. Chris THANKS! Is it possible that hacker also infected SQL database? THANKS! Link to comment Share on other sites More sharing options...
Guest Posted August 19, 2010 Share Posted August 19, 2010 Tom, USUALLY, they do not change the database because they are usually on a separate server. If they do, it is through SQL injection attacks. I would look for malicious files and code to start with. Chris Link to comment Share on other sites More sharing options...
Drapeta Posted August 19, 2010 Author Share Posted August 19, 2010 Have You knows any defence against SQL injection? GREAT THANKS! Link to comment Share on other sites More sharing options...
Guest Posted August 19, 2010 Share Posted August 19, 2010 Tom, The first post of this thread: http://www.oscommerce.com/forums/topic/313323-how-to-secure-your-site/ Chris Link to comment Share on other sites More sharing options...
FIMBLE Posted August 19, 2010 Share Posted August 19, 2010 Tom, The first post of this thread: http://forums.oscomm...cure-your-site/ Chris Look at your page source for the index.php, you may well see some odd stuff there, partictualrily if its a pay per click hack which may display javascript, also there possibly could be a folder added to your server with hack files. If in doubt lets have your url so we can see the source. If its the Eval base 64 hack then nothing will show and you will have to check your files, in this case it will normally infect every single php file on your server by adding a string of code at the top of the page. If you have a abck up it would be easier to clear existing files and upload this, then add the security add on mentioned by Chris. FYI Query string hacker prevention is provided by FWR Security Pro. Check your files for the correct permissions, this is generally 644 for files and 755 for folders but it depends on your set up, it could be 555 and 444. Nic Sometimes you're the dog and sometimes the lamp post [/url] My Contributions Link to comment Share on other sites More sharing options...
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.