troubles Posted March 25, 2011 Share Posted March 25, 2011 Hi People, I purchased a template from Template Monster and had it installed for a small charge. In the last two weeks my site was hacked twice and to prevent this happening again I was asked to upgrade to the latest version of OS Commerce. I have no idea how to do this, I have search the site to see that it has a download feature there is no instructions. I dont want to replace something wrong and then mess up my template and my online shop. For a novice like me and other novices, upgrading instructions might be something the os site may want to consider it will be very appreciated. My host has cleaned the site deleting unwanted files but I am trying to upgrade before the hacker strikes again. Here is the information for my host We have investigated your issue once again from our end and deleted a new portion of php shell scripts. As we can see you have exploitable version of osCommerce under the following path: /specialist-events.com/shop Here is apart of logs with the attack: specialist-events.com/specialist-events.com.1:78.85.117.182 - - [24/Mar/2011:06:17:59 -0400] "POST /shop//admin/categories.php/login.php?cPath=&action=new_product_preview HTTP/1.1" 200 15127 "-" "-" Using that exploit a hacker was able to pass through authentication in your admin area and upload own content to the server. We strongly recommend you to upgrade the osCommerce to the latest version, or if it is already update, then rename admin directory and move it outside of shop directory. You may find details about this exploit at the following page: http://www.oscommerce.com/forums/topic/367332-new-exploit-today-is-out/ Can someone please help me as constantly getting hacked is frustrating. Also can you guys give me some advice to prevent this happening again. Many thanks for all advice. Junior Link to comment Share on other sites More sharing options...
♥toyicebear Posted March 26, 2011 Share Posted March 26, 2011 You download the latest stable 2 series version, which at the time of writing this is 2.31. Unzip the downloaded files and inside you will find a step-by-step upgrade instruction doc. Basics for osC 2.2 Design - Basics for Design V2.3+ - Seo & Sef Url's - Meta Tags for Your osC Shop - Steps to prevent Fraud... - MS3 and Team News... - SEO, Meta Tags, SEF Urls and osCommerce - Commercial Support Inquiries - OSC 2.3+ How To To see what more i can do for you check out my profile [click here] Link to comment Share on other sites More sharing options...
troubles Posted April 1, 2011 Author Share Posted April 1, 2011 Does anyone know any companies who can upgrade the os commerce to the latest version. Link to comment Share on other sites More sharing options...
Jack_mcs Posted April 2, 2011 Share Posted April 2, 2011 Does anyone know any companies who can upgrade the os commerce to the latest version. You don't have to upgrade to 2.3. In fact, it is probably a mistake to do so since you will lose your template and, possibly, contributions you have installed. Of course, both could be converted too but the cost is not a reasonable one, in my opinion. There are threads here explaining what you need to protext your site. If you run your site through the security cehcker on my site, you will see there are some basic security problems with it. Once those are fixed, you should be all set. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Guest Posted April 2, 2011 Share Posted April 2, 2011 Junior, Jacks advice is correct, read these two threads on how to clean and secure your current website: Admin Security and Website Security. Chris Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.