Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

How to upgrade to the latest version of Os


troubles

Recommended Posts

Hi People,

 

I purchased a template from Template Monster and had it installed for a small charge. In the last two weeks my site was hacked twice and to prevent this happening again I was asked to upgrade to the latest version of OS Commerce.

 

I have no idea how to do this, I have search the site to see that it has a download feature there is no instructions. I dont want to replace something wrong and then mess up my template and my online shop.

 

For a novice like me and other novices, upgrading instructions might be something the os site may want to consider it will be very appreciated. My host has cleaned the site deleting unwanted files but I am trying to upgrade before the hacker strikes again.

 

Here is the information for my host

 

We have investigated your issue once again from our end and deleted a new portion of php shell scripts. As we can see you have exploitable version of osCommerce under the following path: /specialist-events.com/shop

Here is apart of logs with the attack:

specialist-events.com/specialist-events.com.1:78.85.117.182 - - [24/Mar/2011:06:17:59 -0400] "POST /shop//admin/categories.php/login.php?cPath=&action=new_product_preview HTTP/1.1" 200 15127 "-" "-"

Using that exploit a hacker was able to pass through authentication in your admin area and upload own content to the server. We strongly recommend you to upgrade the osCommerce to the latest version, or if it is already update, then rename admin directory and move it outside of shop directory. You may find details about this exploit at the following page:

http://www.oscommerce.com/forums/topic/367332-new-exploit-today-is-out/

 

Can someone please help me as constantly getting hacked is frustrating. Also can you guys give me some advice to prevent this happening again.

 

Many thanks for all advice.

 

Junior

Link to comment
Share on other sites

You download the latest stable 2 series version, which at the time of writing this is 2.31. Unzip the downloaded files and inside you will find a step-by-step upgrade instruction doc.

Link to comment
Share on other sites

Does anyone know any companies who can upgrade the os commerce to the latest version.

You don't have to upgrade to 2.3. In fact, it is probably a mistake to do so since you will lose your template and, possibly, contributions you have installed. Of course, both could be converted too but the cost is not a reasonable one, in my opinion. There are threads here explaining what you need to protext your site. If you run your site through the security cehcker on my site, you will see there are some basic security problems with it. Once those are fixed, you should be all set.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...