Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Is this a hack?


altermate

Recommended Posts

It is hacker code as Jack stated and if you found it on your site then you need to (if you are not already doing so) secure your site because merely removing it will not prevent a 'hacker' from reinserting it again.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites

Thats good to hear. However I would not consider that line of code to be 'left over'. It is the primary attack code inserted usually into the cookie_usage.php file to allow attackers to upload more files, get file permissions and listings of files within your site, read the contents of files and prepend and append code to other files throughout your site that are writable by the PHP script.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites

I guess my point was, you have found it in whatever file you found it in. The point is once you understand what it does you can then make an informed decision as to whether or not this was just some left over code from an attack, or what it really was, which was a backdoor into your sites files.

 

That then means that you pretty much should have a good look through all your files and directories again for additional files and added code, and look through at least the main site files like:

yoursite.com/.htaccess

yoursite.com/index.php

yoursite.com/cookie_usage.php

yoursite.com/includes/application_top.php

yoursite.com/includes/header.php

yoursite.com/includes/languages/english/cookie_usage.php

 

and other files for any additional code that may have been added.

 

Also if you have not already done so have a look at the addon in my signature called osC_Sec.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...