Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

For more information, please visit this products webpage link screwed up


Medworks

Recommended Posts

They USED to work, but one day, it just stopped (I think either a hacker did this or I did something to it in the act of fighting a hacker who had brutalized my site. But go to one of my pages, for instance this one:

 

http://medexamtools.com/oscommerce1/product_info.php?products_id=70

 

and click on the word webpage at the bottom:

 

For more information, please visit this products webpage

 

When the mouse cursor is over the word "webpage" it says at the bottom:

 

http://medexamtools.com/oscommerce1/redirect.php?action=url&goto=www.medexamtools.com/Lister-regularpage.htm

 

and where does it go? It goes here:

 

http://www.medexamtools.comlister-regularpage.htm/

 

It took out the forward slash between com and lister! (it also made Lister lower case and added a forward slash at the end)

 

http://www.medexamtools.com/Lister-regularpage.htm is a real page. And when I am editing the listing for 4.5 inch lister bandage scissors using oscommerce's catalog, and I am at this page:

 

http://medexamtools.com/oscommerce1/admin/categories.php?cPath=30&pID=70&action=new_product

 

sure enough, I have it in there as www.medexamtools.com/Lister-regularpage.htm

WITH the forward slash between com and Lister, with Lister capitalized, and with no forward slash at the end. And if I add a forward slash at the end or make Lister lower case, it goes to a 404 page, so it MUST keep those the same in addition to not removing the forward slash between com and Lister.

 

It does this for every single item in the catalog. How do I get it to not do this?

Link to comment
Share on other sites

Sandor,

 

If you have installed Security Pro (r7) as a result of hacker activity, then it is Security Pro that is denying redirect.php from sending customers to outside URL's. Since Security Pro no longer has admin configurable exclusions, you would have to edit one of the files to allow for redirect.php to function. Refer to the Security Pro thread for instructions where to edit the file, I remember reading about it there.

 

 

 

Chris

Link to comment
Share on other sites

Sandor,

 

If you have installed Security Pro (r7) as a result of hacker activity, then it is Security Pro that is denying redirect.php from sending customers to outside URL's. Since Security Pro no longer has admin configurable exclusions, you would have to edit one of the files to allow for redirect.php to function. Refer to the Security Pro thread for instructions where to edit the file, I remember reading about it there.

 

 

 

Chris

 

Indeed I did install FWR security pro in response to hacking activity. The worst damage to my site has been caused by me, in the act of fighting hackers. At one other point my credit card module would not work!

 

Is it post #207 on January 20 on page 11 that applies to my situation?

 

FWR security pro doesn't seem to be keeping the hackers out, I must say. They generate a fake admin ID with a password of their choice, and then they sign in with that, and they are free to do ANYthing. FWR security pro seems to be a padlock on the cellar door when the front door is unlocked and swinging wide open in the wind. Do you by any chance know what they are doing to generate fake admin accounts? I talked to my webhost already about making the part of the SQL database that holds the admin accounts read only, and they won't do it. My other idea is changing some code somewhere so that to log in as an admin, your password must match your username AND your admin ID must be 1. Since there is only admin whose id number is 1, and that is me, if they generate a fake admin, it will have a different number, but do you know how to implement that by any chance?

Link to comment
Share on other sites

Sandor,

 

 

If you still have hacker activity, then there are backdoors installed on your server. You must check every file for malicious code and remove ALL anomalous files from your server to prevent future attacks. The hacker is more than likely not directly accessing the database.

 

You MUST implement ALL of the security changes as outlined in these two threads:

 

Admin Security and Website Security

 

 

 

 

Chris

Link to comment
Share on other sites

Sandor,

 

 

If you still have hacker activity, then there are backdoors installed on your server. You must check every file for malicious code and remove ALL anomalous files from your server to prevent future attacks. The hacker is more than likely not directly accessing the database.

 

You MUST implement ALL of the security changes as outlined in these two threads:

 

Admin Security and Website Security

 

 

Is it post #207 on January 20 on page 11 that applies to my situation?

 

I asked a very important question, the whole reason for me being here, and then I made an additional inquiry just in case you happened to know the answer, a P.S. after the end of the letter if you will, and apparently by the time you were done reading it, you had forgotten the question. So I will list the question several times all through the message this time. I appreciate you directing me to the source of the problem, I really do, but instead of giving me the solution, you directed me to a thread with hundreds of long posts that have occurred over many years, and said that one of them may contain the answer. And I actually searched through your haystack, and it's not like it is a problem that is mentioned once and then answered once and then everyone that replies to that answer only does so to say "oh, thank you, that fixes everything, I am in awe of your expertise", it is a haystack with several needles and needle X says "needle Y is not the answer" and needle Z says "I may be the answer to a problem that may not exactly be the one you have".

 

Is it post #207 on January 20 on page 11 that applies to my situation?

 

There is no malicious code in my files. Last I checked, that is, and I was certainly getting hacked before that. And I would know, because I have archives of my files going back to 2008, and one thing they can't change is the file date and time the last time each and every file was modified, and I can see when and if the files were changed every step of the way. There are no anomalous files. Occasionally there is something but then I remove it, and usually it was junk put into my oscommerce images directory, but I changed the permissions to 4 4 5 and they don't do that now. Oscommerce is obviously easily hacked, but I don't myself know how they do it. BUT I do know what they do. The hackers, as I said, insert a username/password into the admin listings in the database and then they sign in with the admin account they created and then they have free reign. They DO have the direct ability to INSERT things into the database without any special files present on my website or any special code in the files. I am sure they don't directly access the database, they use oscommerce, but it is not a malicious add-on, it is just files in oscommerce that are supposed to be there. I read the access logs and the .bash_history file to see exactly what they do after they they get in. Occasionally they "get" files that are anomalous, but I look and they are files that are not there when I look. So maybe they create anomalous files which they use as a backdoor to get in and then they delete them after they are done with them. And that really amounts to the same thing as not needing malicious code or anomalous files to already be there. They can insert a new entry for a new admin account and sign in with that and do anything, or they can change the business name from "Medworks" to "Medworks</title><script src="http://blahblahblah/</script><title>" without bothering to create a new user and have my website load some nasty external javascript when someone goes to the shopping cart, and I have already been through that list or I wouldn't already have FWR Suck-urity Pro installed, but I'll admit the one that tells me to change the name of the admin directory is new to me. Nevertheless, it is a secondary issue to my question:

 

Is it post #207 on January 20 on page 11 that applies to my situation? I REPEAT

Is it post #207 on January 20 on page 11 that applies to my situation?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...