Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

Bogus administrator

mstabrey

By mstabrey
in Security

Recommended Posts

mstabrey

mstabrey

Posted
Posted

We were recently hacked and went through the usual routines of cleansing all files and changing usernames and passwords.

However, we notice that a bogus administrator still appears in the administrators list from time to time. How can we stop this. We thought changing usernames and passwords (which we have done four times in the past month)would have taken care of this.

 

Tx,

Mart

Guest

Guest

Posted
Posted

Martin,

 

Usually hackers will create a 'backdoor' into your site. You will need to search out and delete anomalous files as well as any malicious code. Check every file !

 

 

 

Chris

mstabrey

mstabrey

Posted
  • Author
Posted

Martin,

 

Usually hackers will create a 'backdoor' into your site. You will need to search out and delete anomalous files as well as any malicious code. Check every file !

 

 

 

Chris

Chris,

 

I thought I had done that by overwriting all osc related files on the server from the original files I have on a local box. To get access, could a hacker be using a non-osc file (non PHP) that we have subsequently added?

Also, what would be a give away that a file is being used by a hacker as an entry point. I've only been looking at when file shave last been modified. Would that in itself be enough?

 

Thanks,

Mart

mstabrey

mstabrey

Posted
  • Author
Posted

Perhaps now you realise that my advice as in this thread - http://www.oscommerce.com/forums/topic/366263-hacked-or-not/page__view__findpost__p__1542146 - is the only practical way to be sure that your site is clean.

 

Other people insist that restoring a backup is good enough. I say it is not.

 

Every file needs to be inspected manually, line by line, to ensure a clean osCommerce site.

If what you say is correct, then checking files would surely start with seeing if their datestamps have been messed with, no?

Also, could an htaccess file interfere with renaming the admin folder. You might have seen in another thread that I tried to rename the folder and the two lines in teh configure.php file, but when done I am given an error when using the shop admin. Had to rename all occurences back to admin for it to work again.

 

Thanks.

 

Mart

mdtaylorlrim

♥mdtaylorlrim

Posted
Posted

 

Also, could an htaccess file interfere with renaming the admin folder.

Depends on what is in it. An .htaccess file has many uses and is quite versatile. When you change the admin directory name and it does not work simply comment out the lines in your .htaccess file and see if it changes things.

 

Hundreds change the name of the admin directory all the time. Specific questions, with code, results in specific answers and help. Give it another try...

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

burt

burt

Posted
Posted

If what you say is correct, then checking files would surely start with seeing if their datestamps have been messed with, no?

 

No. Don't try to shortcut. You want it done, do it properly.

Do you know the date and time of the original hack. What if some files are changed, then other files changed. Two dates.

 

Also, could an htaccess file interfere with renaming the admin folder. You might have seen in another thread that I tried to rename the folder and the two lines in teh configure.php file, but when done I am given an error when using the shop admin. Had to rename all occurences back to admin for it to work again.

 

Yes. If you have htpasswd protection, then you need to also amend the htaccess/htpasswd for the new location/name of your admin directory

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...