Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HELP Urgent HELP --Web Site Down


Guest

Recommended Posts

I have a web site www.eduardo-xavier.com oscommerce and now is showing an error taking me to a different website/link

http://carn.cz.cc/show.php?key=fcfe7c10d4f05fa29b45456408269fdc&u=dima this happens if i use firefox

 

When i use chrome is showing this:

Server error

The website encountered an error while retrieving http://www.eduardo-xavier.com/. It may be down for maintenance or configured incorrectly.

Here are some suggestions:

Reload this web page later.

HTTP Error 500 (Internal Server Error): An unexpected condition was encountered while the server was attempting to fulfill the request.

 

Can someone help me???

 

Please its URGENT since i have pending orders

 

Thanks

Regards

 

Eduardo Xavier

Link to comment
Share on other sites

I have a web site www.eduardo-xavier.com oscommerce and now is showing an error taking me to a different website/link

http://carn.cz.cc/show.php?key=fcfe7c10d4f05fa29b45456408269fdc&u=dima this happens if i use firefox

 

When i use chrome is showing this:

Server error

The website encountered an error while retrieving http://www.eduardo-xavier.com/. It may be down for maintenance or configured incorrectly.

Here are some suggestions:

Reload this web page later.

HTTP Error 500 (Internal Server Error): An unexpected condition was encountered while the server was attempting to fulfill the request.

 

Can someone help me???

 

Please its URGENT since i have pending orders

 

Thanks

Regards

 

Eduardo Xavier

 

you have been hacked

 

if you have a backup of the site use that then go here oscpal.com/?page_id=159 and install the security

 

Dennis

Link to comment
Share on other sites

OMG

 

I dont Have a Recent Backup.

 

Is There any other way to resolve this issue?

 

Please Help need it!!!

 

check with your hosting provider they might have a backup

 

if not you will have to go through the files and find the "bad" code and remove it manually

 

you should protect your site immediately from further attacks by taking it offline (to where no one can access it)

you can go into your control panel and assign a user and password to the catalog folder (or the folder it is in) until it is fixed

 

you want to keep your database intact because your backup will not have all your recent orders

 

Dennis

Link to comment
Share on other sites

Thank you so much for your help. Im contacting my webhosting asking the best options to resolve this issue!!!

 

Regards

 

I will update ASAP

 

Thanks

Link to comment
Share on other sites

Eduardo

 

Follow the usefull threads link below for an explantion of how to disinfect your site and secure it from future attacks.

 

Even if you get the code restored it will happen again.

 

HTH

 

G

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Link to comment
Share on other sites

Hi, I also recommend you to contact your hosting provider, don't waste your time trying to fix it yourself. It happened to me and I tried and tried to fix the problem, I had all files manually backuped and though I replaced them the hack came back again and again, ¿why? the whole server was infected, and only your provider may clean it all. They probably will restore a back up, but it will be at least one or two days old, I highly recommend, after my own experience, to backup as often as possible, especially the database, and after major changes.

 

;) Good luck

Link to comment
Share on other sites

Some times it is the server but normally it is osc that has not been patched that lets them in.

 

Cheers

 

G

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Link to comment
Share on other sites

Hi Thank you all for the help

 

I got it running but some functions aren't running properly also when i receive a order the only email I get is from Paypal and is only the payment (obvious) but nothing appears on my database or admin...

 

I really need help on this issue and my hosting company (webhostingpad.com) is not helping at all. I contacted them and they couldn't do anything apart from offering me a restore backup for $19.99. I did accept the offer but until now nothing has been done... At this stage its annoying the hell out of me... What should i do? I already uploaded all the admin and front office files to get it running but as I mentioned I'm still facing many issues!!!

 

If is there anyone who can help me please contact me through here or email me please. I'm devastated with the situation and very concern with the lost of all my work.

 

Thanks

Regards

 

Eduardo Xavier

Link to comment
Share on other sites

If you have a proper backup or Your hosting has a proper working backup there is no reason to Panic.

 

For future you need to make sure of having backup and following secure web development and amdinistration practices.

 

Some of them are:

1. admin folder to be renamed and htacccess protected.

2. File manager to be removed.

3. All images folder to be htaccess protected to avoid any files getting executed.

4. proper file permissions.

 

Satish

Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site.

 

Check My About US For who am I and what My company does.

Link to comment
Share on other sites

Eduardo,

Check the index.php files of all the directories

and you might see a java script code attached at the

bottom of each file. (This is just my observation, could

be another sort of hack.)

 

Also do you check the log files?

If not, you need to be able to analyse this file in

MS Excel or others each day so that anyone perusing

files that they shouldn't - should be banned straight

away through the .htaccess in the root directory.

 

Pubman

Link to comment
Share on other sites

Hi everyone

Thanks for all your help.

 

I got the site up and running 100%

 

I would like to know more how can i prevent this to happen again?

 

Regards

 

Eduardo Xavier

Link to comment
Share on other sites

I'm a freelance coder, along with doing OSC customizations, lately I've gotten a lot of work cleaning and securing OSC sites with infections very similar to yours. I can't be 100% certain but the file manager and image upload file in the admin directory are likely suspects of how what I call sleeper files, got onto your server. Once your store is set up, you can rename these files, change the .PHP to something like .WASPHP, to prevent them from executing. If you ever need to use them, just rename them back (although using an actual FTP program, or better yet SCP to upload files would be to your advantage)

 

The sleeper files, when requested by the hackers then modify other files.. adding badness to javascript files, php, htm, html (usually index.*) and even .htaccess In one case, I was scratching my head for hours until I noticed an .htaccess file, which normally has maybe 20 lines, was over 3k in size.. editing it, I found maybe 70 blank lines appended to the bottom of the file, followed by a mod-rewrite rule that did some really nasty stuff, which eventually led me to the sleeper file.

 

It sounds like you have removed the malicious code that was added with the intention of infecting your visitors.. but unless you have removed these sleeper files, it will just be re-infected.

 

As someone else mentioned here, these hackers like to hide files in the image directory, with names that don't raise suspicion, like image.php, or image-resize.php About the only way to be sure is to compare all the file names you have with those of a fresh install of the same version. You'll also want to scrutinize any file that contains . . .

 

'eval(file_get_contents('

'eval(base64_decode('

'ini_set('display_errors','off');'

'$_GET['cnf']'

 

That is not to say any file with these are nasty, because there are legitimate uses for them.. but, scrutinize, compare etc..

 

Again, once your site is up and running, lock it down to minimum permission, typically read & execute .. After you have a back up, via SSH you could do something like . . .

 

find ./ -name ".htaccess" -exec chmod 500 {} \;

find ./ -name "*.htm" -exec chmod 500 {} \;

find ./ -name "*.html" -exec chmod 500 {} \;

find ./ -name "*.php" -exec chmod 500 {} \;

 

to lockdown those files. Not 100% protection, but it will certainly slow a hacker down, possibly persuade them to look for easier targets.

 

 

Because of how most webservers are set up these days, Apache runs as you, the account owner, so naturally any rogue php file has permissions to read and modify any file you , the account owner can. Really wish we were back in the old days, when Apache ran as nobody, and could only do what you allowed it to.. apparently tech support reps got tired of explaining file permissions.

 

PS.. a recent tactic I've discovered, once a sleeper file has been successfully uploaded, the villains might wait a month to use it to infect other files... likely causing your back ups to be infected as well.

Just call me Dewed ...

Link to comment
Share on other sites

OMG

 

The site is infected again!!!!

Im not expert with these steps...

 

I would like to pay someone to do this job and prevent me to happen again!!

 

Are you or is there anyone interested of doing this and secure my web page?

 

Thanks,

Regards

 

Eduardo Xavier

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...