J.Kjoller Posted April 19, 2011

Hi,

Last night, all of our customers got a mail with the title "x. xyyyyyy, our website attacked from your system. Immediately take charge of the your computer !" I am afraid that someone hacked our customer base. Are there any known security issues on that part? The version is v2.2 RC2.

Hotclutch Posted April 19, 2011

Hi,

Have you applied all the security tips here? http://www.oscommerce.com/forums/forum/76-security/ First thread at the top of page. Please keep us posted, thanks.

J.Kjoller (Author) Posted April 19, 2011

Only this one: You can add htaccess protection http://addons.oscommerce.com/info/6066

I will take a look at the rest.

- Jakob

Hotclutch Posted April 19, 2011

Rename your admin folder and add the security PRO contribution, first.

J.Kjoller (Author) Posted April 19, 2011

Sorry, my bad, I did that when I enabled the .access. Would it make any sense to upgrade to 3.0.1, or would I have to go through the entire process anyway?

Hotclutch Posted April 19, 2011

V2.3.1 is the recommended version to be on now.

J.Kjoller (Author) Posted April 19, 2011

Ok, are the fixes included in that version?

burt Posted April 19, 2011

2.3.1 is better secured. But still requires extra security measures.

J.Kjoller (Author) Posted April 19, 2011

Is there a list with the actions that need to be executed?

J.Kjoller (Author) Posted April 26, 2011

I have followed the list, but yesterday night it happened again. All the customers got a new mail from the website :(

Any ideas?

Taipo Posted April 27, 2011

Could be related to this? http://www.1337day.com/exploits/15353

Archived
This topic is now archived and is closed to further replies.