Guest Posted March 12, 2011 Share Posted March 12, 2011 I have a web site www.eduardo-xavier.com oscommerce and now is showing an error taking me to a different website/link http://carn.cz.cc/show.php?key=fcfe7c10d4f05fa29b45456408269fdc&u=dima this happens if i use firefox When i use chrome is showing this: Server error The website encountered an error while retrieving http://www.eduardo-xavier.com/. It may be down for maintenance or configured incorrectly. Here are some suggestions: Reload this web page later. HTTP Error 500 (Internal Server Error): An unexpected condition was encountered while the server was attempting to fulfill the request. Can someone help me??? Please its URGENT since i have pending orders Thanks Regards Eduardo Xavier Link to comment Share on other sites More sharing options...
Guest Posted March 12, 2011 Share Posted March 12, 2011 I have a web site www.eduardo-xavier.com oscommerce and now is showing an error taking me to a different website/link http://carn.cz.cc/show.php?key=fcfe7c10d4f05fa29b45456408269fdc&u=dima this happens if i use firefox When i use chrome is showing this: Server error The website encountered an error while retrieving http://www.eduardo-xavier.com/. It may be down for maintenance or configured incorrectly. Here are some suggestions: Reload this web page later. HTTP Error 500 (Internal Server Error): An unexpected condition was encountered while the server was attempting to fulfill the request. Can someone help me??? Please its URGENT since i have pending orders Thanks Regards Eduardo Xavier you have been hacked if you have a backup of the site use that then go here oscpal.com/?page_id=159 and install the security Dennis Link to comment Share on other sites More sharing options...
Guest Posted March 12, 2011 Share Posted March 12, 2011 OMG I dont Have a Recent Backup. Is There any other way to resolve this issue? Please Help need it!!! Link to comment Share on other sites More sharing options...
Guest Posted March 12, 2011 Share Posted March 12, 2011 OMG I dont Have a Recent Backup. Is There any other way to resolve this issue? Please Help need it!!! check with your hosting provider they might have a backup if not you will have to go through the files and find the "bad" code and remove it manually you should protect your site immediately from further attacks by taking it offline (to where no one can access it) you can go into your control panel and assign a user and password to the catalog folder (or the folder it is in) until it is fixed you want to keep your database intact because your backup will not have all your recent orders Dennis Link to comment Share on other sites More sharing options...
Guest Posted March 12, 2011 Share Posted March 12, 2011 Thank you so much for your help. Im contacting my webhosting asking the best options to resolve this issue!!! Regards I will update ASAP Thanks Link to comment Share on other sites More sharing options...
♥geoffreywalton Posted March 12, 2011 Share Posted March 12, 2011 Eduardo Follow the usefull threads link below for an explantion of how to disinfect your site and secure it from future attacks. Even if you get the code restored it will happen again. HTH G Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>. Link to comment Share on other sites More sharing options...
marioacero Posted March 12, 2011 Share Posted March 12, 2011 Hi, I also recommend you to contact your hosting provider, don't waste your time trying to fix it yourself. It happened to me and I tried and tried to fix the problem, I had all files manually backuped and though I replaced them the hack came back again and again, ¿why? the whole server was infected, and only your provider may clean it all. They probably will restore a back up, but it will be at least one or two days old, I highly recommend, after my own experience, to backup as often as possible, especially the database, and after major changes. ;) Good luck Link to comment Share on other sites More sharing options...
♥geoffreywalton Posted March 12, 2011 Share Posted March 12, 2011 Some times it is the server but normally it is osc that has not been patched that lets them in. Cheers G Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>. Link to comment Share on other sites More sharing options...
Guest Posted March 13, 2011 Share Posted March 13, 2011 Hi Thank you all for the help I got it running but some functions aren't running properly also when i receive a order the only email I get is from Paypal and is only the payment (obvious) but nothing appears on my database or admin... I really need help on this issue and my hosting company (webhostingpad.com) is not helping at all. I contacted them and they couldn't do anything apart from offering me a restore backup for $19.99. I did accept the offer but until now nothing has been done... At this stage its annoying the hell out of me... What should i do? I already uploaded all the admin and front office files to get it running but as I mentioned I'm still facing many issues!!! If is there anyone who can help me please contact me through here or email me please. I'm devastated with the situation and very concern with the lost of all my work. Thanks Regards Eduardo Xavier Link to comment Share on other sites More sharing options...
satish Posted March 13, 2011 Share Posted March 13, 2011 If you have a proper backup or Your hosting has a proper working backup there is no reason to Panic. For future you need to make sure of having backup and following secure web development and amdinistration practices. Some of them are: 1. admin folder to be renamed and htacccess protected. 2. File manager to be removed. 3. All images folder to be htaccess protected to avoid any files getting executed. 4. proper file permissions. Satish Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site. Check My About US For who am I and what My company does. Link to comment Share on other sites More sharing options...
pubman Posted March 13, 2011 Share Posted March 13, 2011 Eduardo, Check the index.php files of all the directories and you might see a java script code attached at the bottom of each file. (This is just my observation, could be another sort of hack.) Also do you check the log files? If not, you need to be able to analyse this file in MS Excel or others each day so that anyone perusing files that they shouldn't - should be banned straight away through the .htaccess in the root directory. Pubman Link to comment Share on other sites More sharing options...
Guest Posted March 14, 2011 Share Posted March 14, 2011 Hi everyone Thanks for all your help. I got the site up and running 100% I would like to know more how can i prevent this to happen again? Regards Eduardo Xavier Link to comment Share on other sites More sharing options...
dewed Posted March 14, 2011 Share Posted March 14, 2011 I'm a freelance coder, along with doing OSC customizations, lately I've gotten a lot of work cleaning and securing OSC sites with infections very similar to yours. I can't be 100% certain but the file manager and image upload file in the admin directory are likely suspects of how what I call sleeper files, got onto your server. Once your store is set up, you can rename these files, change the .PHP to something like .WASPHP, to prevent them from executing. If you ever need to use them, just rename them back (although using an actual FTP program, or better yet SCP to upload files would be to your advantage) The sleeper files, when requested by the hackers then modify other files.. adding badness to javascript files, php, htm, html (usually index.*) and even .htaccess In one case, I was scratching my head for hours until I noticed an .htaccess file, which normally has maybe 20 lines, was over 3k in size.. editing it, I found maybe 70 blank lines appended to the bottom of the file, followed by a mod-rewrite rule that did some really nasty stuff, which eventually led me to the sleeper file. It sounds like you have removed the malicious code that was added with the intention of infecting your visitors.. but unless you have removed these sleeper files, it will just be re-infected. As someone else mentioned here, these hackers like to hide files in the image directory, with names that don't raise suspicion, like image.php, or image-resize.php About the only way to be sure is to compare all the file names you have with those of a fresh install of the same version. You'll also want to scrutinize any file that contains . . . 'eval(file_get_contents(' 'eval(base64_decode(' 'ini_set('display_errors','off');' '$_GET['cnf']' That is not to say any file with these are nasty, because there are legitimate uses for them.. but, scrutinize, compare etc.. Again, once your site is up and running, lock it down to minimum permission, typically read & execute .. After you have a back up, via SSH you could do something like . . . find ./ -name ".htaccess" -exec chmod 500 {} \; find ./ -name "*.htm" -exec chmod 500 {} \; find ./ -name "*.html" -exec chmod 500 {} \; find ./ -name "*.php" -exec chmod 500 {} \; to lockdown those files. Not 100% protection, but it will certainly slow a hacker down, possibly persuade them to look for easier targets. Because of how most webservers are set up these days, Apache runs as you, the account owner, so naturally any rogue php file has permissions to read and modify any file you , the account owner can. Really wish we were back in the old days, when Apache ran as nobody, and could only do what you allowed it to.. apparently tech support reps got tired of explaining file permissions. PS.. a recent tactic I've discovered, once a sleeper file has been successfully uploaded, the villains might wait a month to use it to infect other files... likely causing your back ups to be infected as well. Just call me Dewed ... Link to comment Share on other sites More sharing options...
Guest Posted March 14, 2011 Share Posted March 14, 2011 OMG The site is infected again!!!! Im not expert with these steps... I would like to pay someone to do this job and prevent me to happen again!! Are you or is there anyone interested of doing this and secure my web page? Thanks, Regards Eduardo Xavier Link to comment Share on other sites More sharing options...
Guest Posted March 14, 2011 Share Posted March 14, 2011 PM Sent Chris Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.