Plux Posted May 1, 2011 Share Posted May 1, 2011 Should there be any .db files in osCommerce. I found some that where heavily encoded but when I delete them I get an error in the admin panel that said 'fatal error' because it could not load that file. Link to comment Share on other sites More sharing options...
Taipo Posted May 1, 2011 Share Posted May 1, 2011 I am not 100% clued up on Ultimate SEO Urls 5, but I do believe that addon may be using SQLlite therefore there will be a database somewhere in the admin section. What exactly is the error message as that may better point to the source of the error? Also, if you have patched the $PHP_SELF code in your Oscommerce 2.2.1 site, or are using Oscommerce 2.3.1 then your site should be safe from rogue file uploading. If you are using the USU5 addon then your site should be patched against rogue file uploading because as far as I can see, only USU5 and Osc_Sec contain the patched code (other than Oscommerce 2.3.1) or a version of it. - Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)- Another discussion about infected files ::here::- A discussion on file permissions ::here::- Site hacked? Should you upgrade or not, some thoughts ::here::- Fix the admin login bypass exploit here- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX Link to comment Share on other sites More sharing options...
NodsDorf Posted May 2, 2011 Share Posted May 2, 2011 According to a host I work with there has been a rash of OSC hacks. 1 of them include a htaccess re-rewrite that redirects to index.htm page that uses a file called Thumbs.db. If this is the DB file you are referring to it is in fact not part of OSC. Another one is php / html injection done by bots. The most recent one (April 23rd, 2011): http://frazierit.com/blog/?p=103 According to the guru here: The goal of the hack was to inject some monitoring code in HTML documents, and PHP code that reacts on a POST of a URL value to attribute ‘xxxprch’ to dig into client’s http://toolbarqueries.google.com/ references. Effectively, this hack is building an empire of google page rank agents that can make page rank requests to google in a distributed fashion, and report back to the calling host. If you see either Thumbs.db or any of the malicous code from the above link on any of your pages you may need to go back to a backup prior to the 23rd. Link to comment Share on other sites More sharing options...
jow ga Posted May 9, 2011 Share Posted May 9, 2011 I have the thumbs.db hack on one of my sites. I have cleaned it out now, but how to i fix the security hole and stop the attack from happening again? thanks, tom Link to comment Share on other sites More sharing options...
Taipo Posted May 10, 2011 Share Posted May 10, 2011 What version of Oscommerce are you using jow ga? - Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)- Another discussion about infected files ::here::- A discussion on file permissions ::here::- Site hacked? Should you upgrade or not, some thoughts ::here::- Fix the admin login bypass exploit here- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX Link to comment Share on other sites More sharing options...
satish Posted May 10, 2011 Share Posted May 10, 2011 Hackers use any extension which a non tech webmaster might feel to be a relevant file. So best option is to compare witha fresh osc downlaod. If that files does not exist probably its a hack. Again it depends if any of your contrib has added these files. Also where these files were found can point further. Satish Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site. Check My About US For who am I and what My company does. Link to comment Share on other sites More sharing options...
Taipo Posted May 10, 2011 Share Posted May 10, 2011 There are also a couple of Oscommerce derivatives that do some weird things too Satish, like installing FCKEditor outside of the admin directory which makes it easily accessible for bypassing the file uploads security, so if people follow the usual advice to change the name of the admin directory or put htaccess or whatever, it wont affect the editor because it is not in the admin directory. - Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)- Another discussion about infected files ::here::- A discussion on file permissions ::here::- Site hacked? Should you upgrade or not, some thoughts ::here::- Fix the admin login bypass exploit here- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.