Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

help! /images folder hacked everyday


shadow007

Recommended Posts

Hi All,

 

Everday, Three malicious files will be created in my /images folder on my site.

they are:

# (decoded file) ClamAV detected virus = [php.Shell-22]:

'/home/condoms/public_html/images/application_bottom_top.php.jpg'

# Suspicious image file (hidden script file):

'/home/condoms/public_html/images/file_manager.php.jpg'

# Suspicious image file (hidden script file):

'/home/condoms/public_html/images/usr.php.jpg'

# Known exploit = [Fingerprint Match]:

'/home/condoms/public_html/images/usr.php.jpg'

 

I have changed all ftp and cpanel passwords, and installed all recommended security addons here.

But the three files still be created automatically everyday.

So I have to create a .htaccess file with contents below in /images folder to deny their codes:

<FilesMatch “.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$”>

Order Deny,Allow

Deny from all

</FilesMatch>

 

I can't find the related hole and malicious scripts which creates the three files.

any suggestion will be appreciated.

 

---

Stephen

Everyone is changing the world.

Everyone is a world.

For everyone needs my help, PM or email if I amn't online.

Link to comment
Share on other sites

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...