Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.

dynopack title hack?


Recommended Posts

Had 2 of my OSCMax sites hacked. They somehow injected a js script into the STORE_NAME variable in the configuration table in the db so the title header was reading something like <title>mysite.com</title><src=js dynopack.js<title> : </title> or something close, I've deleted it.


After changing the db entry it came back, and I'm not sure how. I've implemented security fixes and now it's not appearing in the db any longer however it still shows in the title tag, the only short term patch that worked was to remove the <title> line from the main_page.tpl.php file which got one of them back online.


The second site has the same issue but now the browser does a connection reset 1/2 way through loading the footer. I"ve redirected it short term.


Any ideas?

Link to comment
Share on other sites

  • 1 month later...

Did you find a "solution" for this?

I've got a recurring issue.


I have a config-cache extension installed so I'm able to set the config then lock the file down so it changes in the DB but not in the cached config file. Literally a band-aid over a wicked infection.

Sam M. - Seattle

Link to comment
Share on other sites

The solution is to secure your sites. After cleaning out your sites of th added code, either put protection on the admin directory or install osC_Sec addon (see link in my signature).

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...