Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Possible Database Hack?


angel_leyva

Recommended Posts

Hi all,

 

I am not completely knowledgeable about OsCommerce but i think i have enough sense to get it once its explained to me. here is my problem and please let me know the possible causes and solutions please.

 

every so often my OsCommerce site gets hacked to where i can no longer access it whatsoever. i receive this message while imputing the site into my browser.

 

 

"500 Internal Server Error"

"Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

 

Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

 

More information about this error may be available in the server error log.

 

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request."

 

Come to find out that my .htaccess files have been overwritten and they are in almost every directory and is always accompanied by a "Thumbs.db" file that i know wasn't there so i know thats a bad file that has to be deleted. (also, i dont remember the .htaccess file being in so many directories... can anyone let me know the specific ones if its not meant to be in so many?) so i overwrite .htaccess file w/ the correct file from my backup and delete the "Thumbs.db" on every directory i find them in.

 

today i found my problem is a lot worse than i thought. almost every site on our database has this problem (we have multiple sites on a single database). so i figure it must be a database hack, right? how do i fix it? is there a quicker way to delete/replace the necessary files other than FTP and deleting/replacing each file individually?

 

how can i prevent this in the future?

 

i appreciate anyone's input. i await any feedback. And thanks for the help!

Link to comment
Share on other sites

What version of Oscommerce are you using? If it is 2.2.1 then it is vulnerable to being hacked in more ways than the one you have described.

 

As has been described in many other discussions here you will need to go through and clean out your site of any extra files that have been added, and code that has been added to Oscommerce files. Or even better, upgrade to Oscommerce 2.3.1 especially if your code skill is not proficient enough to weed out the offending files and added code into stock oscommerce files.

 

Running multiple sites off the same database is not the best security practice either. Each site should have its own database, and username and password.

 

At the very least you need to clean out your sites and patch the exploit hole that is in Oscommerce 2.2.1 (assuming that you are using that version).

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites

Angel,

 

Any way you look at it, the repair of your website(s) is going to be time consuming and frustrating. I would suggest you lock down the server entirely until ALL repairs can be made. This will prevent the hacker from coming in behind you while you are cleaning one site, the hacker is hacking another site.

 

 

Seek professional help if you don't feel you can completely remove all malicious code and anomalous files.

 

 

 

 

Chris

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...