
osCommerce

The e-commerce.

What does this mean in my list of user's online?


Glamourous

Posted

Hi,

 

In the osCommerce admin section there's a part where we can view who's online.

It usually shows the path to what they are viewing, however I see a few of these... what does this mean and is there cause for concern? Why is it in my admin section? Thank you!

 

Full Name IP Address Last URL

Guest 94.23.215.208 /products_new.php/admin/banner_manager.php/login.php

Guest 89.238.225.202 /products_new.php/admin/categories.php/login.php

Posted

Just someone trying to hack their way in...

:blush:

 

How to Secure Your Site

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Posted

If you are using version 2.2 read the security thread. There is a post there that has been pinned to the top of the forum.

REMEMBER BACKUP, BACKUP AND BACKUP

Posted

Start by clicking the link I posted.

:huh:


Posted

I've another question. I've seen this pretty often but my website is still okay. Does this mean they could not hack into it?

Posted

Maybe... Maybe not.

 

Hacks generally fall into 3 categories:

 

1. The "Look what I can do" hack. They replace all your pages with a "Hacked by dirty-rotten-so-and-so" page.

 

2. The hack that tries to infect your PC with some malicious download. Commonly called a "Drive by".

 

3. The "silent hack". They add code to try to steal information. Hard to detect without inspecting EVERY FILE on the site.

 

Quite honestly if your site is vulnerable by the time you see those in the online list it's usually too late.


Posted

Follow the tips in the link Jim posted. As you can see they are looking for your admin folder, so start by renaming that. If your store is still V2.2 you should also try to bring it up to date with the security fixes available on the forum. See the upgrade guide.
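A way to flag entries like the ones in the question automatically, as an added example that is not part of the original thread or of osCommerce itself: it classifies "Last URL" values that stack a second `.php` script behind the first one. The function names, the `admin_dir` parameter and the sample rows are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# A path segment that names a PHP script, e.g. "products_new.php".
PHP_SEGMENT = re.compile(r"[^/]+\.php$", re.IGNORECASE)

def classify_last_url(url, admin_dir="admin"):
    """Return 'admin-probe', 'stacked-php' or 'ok' for one Last URL value.

    admin_dir is the admin folder name to look for (assumption: pass the
    new name as well if the folder has been renamed).
    """
    path = unquote(urlsplit(url).path)
    segments = [s for s in path.split("/") if s]
    php_positions = [i for i, s in enumerate(segments) if PHP_SEGMENT.match(s)]
    # A normal request names at most one script; path info without a
    # second script is not flagged.
    if len(php_positions) <= 1:
        return "ok"
    # Everything after the first script is trailing path info.
    trailing = [s.lower() for s in segments[php_positions[0] + 1:]]
    if admin_dir.lower() in trailing:
        return "admin-probe"
    return "stacked-php"

def scan_whos_online(rows, admin_dir="admin"):
    """rows: iterable of (full_name, ip, last_url). Return flagged rows."""
    flagged = []
    for _name, ip, url in rows:
        verdict = classify_last_url(url, admin_dir)
        if verdict != "ok":
            flagged.append((ip, verdict, url))
    return flagged

# Constructed sample rows in the Who's Online column order
# (Full Name, IP Address, Last URL); the IPs are documentation addresses.
SAMPLE_ROWS = [
    ("Guest", "203.0.113.10", "/products_new.php/admin/banner_manager.php/login.php"),
    ("Guest", "203.0.113.11", "/products_new.php/admin/categories.php/login.php"),
    ("Guest", "198.51.100.7", "/product_info.php?products_id=12"),
    ("Guest", "198.51.100.8", "/product_info.php/products_id/12"),
    ("Guest", "198.51.100.9", "/index.php/extra.php"),
]

if __name__ == "__main__":
    for ip, verdict, url in scan_whos_online(SAMPLE_ROWS):
        print(f"{ip}\t{verdict}\t{url}")
```

A flagged row only shows that the request was attempted; whether it succeeded depends on the store version and fixes discussed in this thread.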

Posted

I went over your posts looking for your URL.

 

Evidently you had an image problem at one time and sent me your URL, although I have no clue what it is now (I don't keep old PMs).

 

If I didn't tell you back then that your site was vulnerable to what you've been seeing in your online list then you're immune to that hack.

 

And I don't have a clue what I told you back then either.

 

I've slept since then.

:lol:

 

Whenever I see anyone's URL (by post or PM) I always check for that vulnerability and tell them if I find it.

 

HTH

:)


Posted

Thank you so much for the replies and information! My site is running on the latest version. I've fixed the image problem already back then ;)

 

Actually everything is running smoothly on my site now except I'm afraid of hacks and I see these weird URLs.

 

Do you think you could take some time to view my site and tell me if it's vulnerable? Would be very glad if you could but if not it's ok as well. Thanks

Posted

If your site is running osC v2.3.1 then you are immune to that hack.

 

If you want me to assess site security from a user standpoint again I'll need the URL once more.

:blush:


Posted

PM received.

 

Site checked out.

 

You are definitely immune to the hack you've been seeing in the "Who's Online".

:thumbsup:


Archived

This topic is now archived and is closed to further replies.
