Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Suspected Hacking


richa2002

Recommended Posts

Hello all

 

After checking my who's online page, I've seen lots of suspect activity from a handful of IPs which I've banned but I appreciate that's a very short-term solution. The sort of activity in question is IPs accessing the paths listed below:

/product_info.php?products_id=67/admin/file_manager.php/login.php

/product_info.php?products_id=67/admin/categories.php/login.php?cPath=&action=new_product_preview

/shipping.php/admin/file_manager.php/login.php

 

I have renamed the admin folder and also applied all the recommended security updates such as implementing .htaccess to the admin section so I'm not quite sure what they can be accessing here. Any ideas would be great.

 

Thanks

Link to comment
Share on other sites

A lot of that is probably more automated than someone manually doing their thing on your site. Sort of the same way a search engine spiders your site. There are a number of contribs that can deal to this if it comes down to an issue of annoyance or even bandwidth for you including the one in my signature (shameless plug).

 

But if you either have htaccess folder protection on your admin folder or moved/renamed it then this 'specific' genre of attacks listed above will not work for them.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites

A lot of that is probably more automated than someone manually doing their thing on your site. Sort of the same way a search engine spiders your site. There are a number of contribs that can deal to this if it comes down to an issue of annoyance or even bandwidth for you including the one in my signature (shameless plug).

 

But if you either have htaccess folder protection on your admin folder or moved/renamed it then this 'specific' genre of attacks listed above will not work for them.

Thanks for the info. I'm pleased to hear that I should be fine security wise seeing as I have renamed the admin folder. I'll look into implementing your script, nothing wrong with a shameless plug when it's useful :).

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...