Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Email Received: CHECK YOUR SITE CONFIGURATION


stitchup

Recommended Posts

Good morning all.

 

I wonder if you guys could assist me with emails I'm receiveing from Italy regarding the security of my website? I've received several of these emails and this is the general content:

 

Your website is compromised and used as a phishing land page for poste.it (bank in Italy).

Check this page on your server:

http://www.*******.***/java.php, it collects user credentials and sends them back to the attacker.

 

Please fix this ASAP to limit the damage to poste.it customers.

 

Regards

 

As I have no experience of OSCOMMERCE or website programming, I'm left wondering if this is just another scam?

 

I've not responded to the emails in any way.

 

Would appreciate some advice!

 

Many thanks

 

john

Link to comment
Share on other sites

it is not typical to receive personalized solicitation emails for oscommere. But scammers try everything. If you can it may be a good idea to pay a OSC pro to make sure it all is in order.

 

As far as the phishing scam is concerned, its typical for OSC to collect data for purchase, but they certainly don't try to hold or sell that information.

Link to comment
Share on other sites

Good morning all.

 

I wonder if you guys could assist me with emails I'm receiveing from Italy regarding the security of my website? I've received several of these emails and this is the general content:

 

Your website is compromised and used as a phishing land page for poste.it (bank in Italy).

Check this page on your server:

http://www.*******.***/java.php, it collects user credentials and sends them back to the attacker.

 

Please fix this ASAP to limit the damage to poste.it customers.

 

Regards

 

As I have no experience of OSCOMMERCE or website programming, I'm left wondering if this is just another scam?

 

I've not responded to the emails in any way.

 

Would appreciate some advice!

 

Many thanks

 

john

Does that file actually exist?

:unsure:

 

If it does then yes you're probably hacked (again - you posted about a year ago about being hacked back then).

 

It's not a "standard" osC file and if you didn't put it on the site and you don't know what it does that leaves only one other possibility...

:'(

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...