elviapuspa
Posted February 8, 2011

I have a problem. My site, http://www.ostoreshop.info, cannot open. It requests a Flash Player download continuously and cannot stop. I had never set it up to download Flash Player. What can I do to refresh my site to how it was before, without any problem, so it can open again?

Guest
Posted February 8, 2011

I am going to assume your site has been hacked. The 'loading flash player' is the ONLY code in the HTML file being called up when you enter your URL. That, and the fact that your admin is insecure, is the reason I believe you have been hacked.

Follow these steps to clean and secure your website:

1) Lock down your site by using an .htaccess password so your customers are not attacked by the hacker's code.
2) FTP all of the files to your local machine and use a program like WinGrep to identify and remove all malicious and anomalous files containing hacker code.
3) Delete the files on your hosting account before uploading the clean files.
4) FTP the clean files back to your hosting account and read and implement the security patches and contributions found in these two threads: Admin Security and Website Security.
5) Change all of your passwords: FTP, CPANEL, STORE ADMIN and DATABASE.
6) Make sure File and Directory Permissions are set correctly. Directories no higher than 755, Files no higher than 644 and the TWO configure.php files no higher than 444.
7) If your site has been 'black listed' as an attack site by Google, then log into Google Webmaster Tools and submit the site to be re-indexed and verified to be removed from the 'black list'.
8) Remove the .htaccess password protection so your customers can resume making purchases from your website.
9) Monitor your website using the newly installed contributions to prevent future hacker attacks.
10) If you feel you cannot perform any of the above steps, PM me for help, because if you miss any of these steps your site may remain accessible to the hacker.

Chris

Taipo
Posted February 9, 2011

Other things to do.

In admin/includes/application_top.php, on the next line under:

    // Include application configuration parameters
    require('includes/configure.php');

Add:

    if(stristr($_SERVER['REQUEST_URI'],'.php/login')) { die(); }

This will put a serious dent in using the /admin/categories.php/login.php trick to get a look into your admin area.

1/ Clean out all the other admins that attackers have registered in your admin area previously.
2/ Clean out all the php files in the images folders (and subfolders).
3/ Make sure every other folder other than the images folder is chmodded to 755.
4/ Have a look in all files that previously had 666 permissions; for instance, sometimes includes/header.php or .htaccess is writeable. Change those to 644. In particular, look for added code in these files that looks like:

    eval(base64_decode("DQppZiAoIWZ1bmN0aW9uX2V4aXN....

I have not looked all the way through osCommerce but I doubt there is any use for eval() at all in this application.

5/ In the main /includes/ folder add the following .htaccess file:

    Options All -Indexes
    <Files *.php>
    Order Deny,Allow
    ## Deny from all
    RewriteEngine On
    RewriteRule .* http://www.yourmaindomainname.com [R,L]
    </Files>

(Obviously change http://www.yourmaindomainname.com to your domain name.)

This takes care of that 'other' exploit that has never been patched (/includes/classes/actions.php?module=[sHeLL]) by redirecting anyone trying to directly access files within the includes folder and subfolders.

6/ Change the user and password to your MySQL database to be DIFFERENT from that of your Cpanel user and password logins.

If you have been hacked in the past then there is a high chance that the attackers have uploaded some shell code to your site, giving them access to at least read files in osCommerce. That means they could quite easily read the configure.php file in /includes/. Usually Cpanel webhosts auto configure your username and password to be the same as the MySQL username and password with a few minor changes, so it's not difficult to back engineer what the Cpanel login would be, if an attacker got their hands on your configure.php file.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX
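
The local checks named in the two replies above (PHP files under the images folders, the eval(base64_decode marker, and the 755/644/444 permission ceilings) can be run over the downloaded copy of the store in one pass. This is an added example, not part of the original posts and not osCommerce code; the function names and the sample tree are constructed for illustration.

```python
import re
import stat
import tempfile
from pathlib import Path

EVAL_B64 = re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.I)  # marker quoted in the post

def ceiling(name, is_dir):
    """Permission ceilings from the thread: dirs 755, files 644, configure.php 444."""
    return 0o755 if is_dir else 0o444 if name == "configure.php" else 0o644

def audit(root):
    """Return sorted (relative_path, finding) pairs for a local copy of the store."""
    findings = []
    for path in Path(root).rglob("*"):
        rel = path.relative_to(root).as_posix()
        st = path.lstat()
        mode, limit = stat.S_IMODE(st.st_mode), ceiling(path.name, stat.S_ISDIR(st.st_mode))
        if mode & ~limit:  # any permission bit beyond the ceiling
            findings.append((rel, "mode %o exceeds %o" % (mode, limit)))
        if not stat.S_ISREG(st.st_mode):
            continue  # directories and symlinks have no content to scan
        if path.suffix.lower() == ".php" and "images" in rel.split("/")[:-1]:
            findings.append((rel, "php file under images"))
        if EVAL_B64.search(path.read_bytes()):
            findings.append((rel, "eval(base64_decode"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree standing in for files pulled down over FTP."""
    files = {
        "includes/configure.php": (b"<?php // settings\n", 0o644),
        "includes/header.php": (b'<?php eval(base64_decode("AAAA")); ?>\n', 0o666),
        "images/banners/x.php": (b"<?php ?>\n", 0o644),
        "images/logo.gif": (b"GIF89a", 0o644),
    }
    for rel, (data, mode) in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
        path.chmod(mode)
    for d in ("includes", "images", "images/banners"):
        Path(root, d).chmod(0o755)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*audit(tmp), sep="\n")
```

Each finding is a pointer for manual review of that file. Permission bits only carry over from the server if the transfer preserves them, so the mode check is most useful when run on the hosting account itself.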
This topic is now archived and is closed to further replies.