Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

orders stopped appearing in admin section


Guest

Recommended Posts

I have a client site that I setup about 5 years ago.

 

It's seemed to be hacked a couple of time, but I keep trying to patch or stop any attempts.

 

Recently the site had been hacked my client noticed because new orders weren't appearing in the site's admin area, but they had been getting payment email notifications form their merchant.

 

I took my normal steps after finding the site had been hacked. Deleted all the sites file and replaced them with a backup of a clean working version. I had my client do a test transaction and there still seems to be a problem. The order is processed by the merchant but no new order appears on the admin order screen, and the order doesn't appear in the database.

 

My questions is what could have stopped working? What should I be looking for? How could the site still be broke after replacing all the files...

Link to comment
Share on other sites

I have a client site that I setup about 5 years ago.

 

It's seemed to be hacked a couple of time, but I keep trying to patch or stop any attempts.

 

Recently the site had been hacked my client noticed because new orders weren't appearing in the site's admin area, but they had been getting payment email notifications form their merchant.

 

I took my normal steps after finding the site had been hacked. Deleted all the sites file and replaced them with a backup of a clean working version. I had my client do a test transaction and there still seems to be a problem. The order is processed by the merchant but no new order appears on the admin order screen, and the order doesn't appear in the database.

 

My questions is what could have stopped working? What should I be looking for? How could the site still be broke after replacing all the files...

 

 

Adam,

 

If you are offering your services to a 'client' then you should be qualified to offer those services. By what you just posted, it is apparent you are not qualified to offer services to osCommerce clients. IF you were, you would know that you can't just upload what you think is a clean backup. You would know that if the site has been hacked repeatedly that there are still vulnerabilities that you have not corrected and your client is a fool for hiring your repeatedly to correct the vulnerabilities.

 

Having said that, here are a few tips:

 

1) have your client scan any computer that accesses their website for 'sniffers' or 'snoopers'. The log passwords and send them back to the hacker.

2) patch all known security vulnerabilities and install the appropriate security contributions.

3) change ALL passwords, FTP, Hosting Control Panel and store admin.

4) Locate and remove ALL anomalous files. These are back doors hackers use to gain access to the clients server whenever they want.

5) Check EACH AND EVERY FILE for malware or malicious code.

6) check the database for injections that would allow the hacker to gain access to the website.

7) UPDATE the clients current version, if it is 5 years old, it could be as many as 2 versions behind the current version. THIS tip is the most important as a good developer would have suggested this to the client immediately upon its release and especially after a hack.

 

 

In all fairness to the client, you should suggest to them that they hire an osCommerce professional to work on their website. That would be the best advice you could offer the client. "If you are not an Astronaut, don't pretend to be one"

 

 

 

Chris

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...