Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Cannot Delete .xcache File Full Of Trash Links! :(


ttmw

Recommended Posts

It's just come to my notice that i've had some kind of hack on my site. I've got a .xcache file in my website.com/images/ file. I know this is a common hack, but i don't know how to sort it. I know i need to sort the underlying security issue, but for starters, i can't even delete the file. It says my access is denied, it keeps saying '550 Could not delete .xcache: Invalid argument' ...how do i delete this, and if anyone knows of the reason or a clue of how this happened or other files i should look for please let em know! :)

 

I'm in the middle of securing the site via a thread on here, but until then and to help me along , please feel free to suggest fixes and anything you think might help

 

Thanks!

Link to comment
Share on other sites

John,

 

The file can only be deleted using your hosting accounts file manager. The hacker has placed irregular files in the directory that will not allow you to delete it using an FTP client. Files such as .a/m2 can not be deleted normally.

 

 

Also, with this type of hack, be sure to check your /includes/languages/english/cookie_usage.php file for malicious code.

 

 

 

Chris

Link to comment
Share on other sites

I'm using cpanel (but have control of my WHM also)...i've tried deleting the file using 'File Manager' in cPanel, but unless i'm doing something wrong, it still wont delete and returns when i refresh of return to the directory.

Link to comment
Share on other sites

John,

 

 

Ask your hosting provider to remove it for you. In the meantime, rename it if you can and make the permissions Owner read only.

 

 

 

 

Chris

Link to comment
Share on other sites

John, have you tried changing file permissions before deleting or can you not do that either?

My store is currently running Phoenix 1.0.3.0

I'm currently working on 1.0.7.2 and hope to get it live before 1.0.8.0 arrives (maybe 🙄 )

I used to have a list of add-ons here but I've found that with the ones that supporters of Phoenix get any other add-ons are not really neccessary

Link to comment
Share on other sites

John, have you tried changing file permissions before deleting or can you not do that either?

 

I don't seem to be able to change permissions either no...it's currently stuck at 750 :(

Link to comment
Share on other sites

What are the files in the .xcache directory?

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites

What are the files in the .xcache directory?

 

 

It wont let me access the files, but judging by a quick look around ,its youtube and bogus other websites links in the thousands. Along with a few other sly hacks and such. Nothing too exciting, i just want rid! :( there's other php files there too with similar hidden code :(

Link to comment
Share on other sites

If its a stand alone server then something on the server is writing to it perhaps. Have you tried then to turn off apache and then (obviously remoted in via some remote access facility) try deleting or renaming the directory?

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites

Check who is the "owner" of the files.

 

If you aren't the "owner" of the files/folders you probably can't remove them (depends on permissions of the owners).

 

Last hacked shop I was in all the hack files were owned by "root".

 

So it took a little extra to get things back to normal.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...