Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

I think I got hacked


andrewhawk03

Recommended Posts

What version of osCommerce are you using and what security measures do you have in place to protect your website?

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites

Andrew,

 

Did you install the security patches and the security contributions for v2.2 ? Have you scanned your site with an online website scanner to see if there is malware on it ?

 

Avast and Lavasoft are not sufficient.

 

 

 

Chris

Link to comment
Share on other sites

Did you check you syslogs and your log files to see if you had other ip attach to your server? are you running a full server or VPS ? Plus do you have your server lock not just your site ;) You can change you admin login threw your control panel via myphpadmin ect. if you have full control of your server check your firewall and open ports there are many things that can get you hacked .. please post back ;)

Link to comment
Share on other sites

if you got any ips from china and asia it may be a proxy then I would look into those ips . If you have iptables setup block china and russia from your server along with turkey and north afirca even this romania these countrys are well know hack places or ip spoofers

Link to comment
Share on other sites

The security hole in that version of osCommerce is well known. Your site needs patching Andrew as well as the files in it cleaned of any code that attackers were able to add because of the security hole in that older version that you are using.

 

Have a read through the recommendations here

http://www.oscommerce.com/forums/topic/375288-updated-security-thread/

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites

I had this issue earlier today :)

i used .htaccess password which i created myself, oscommerce locked on me and did not accept my log in credentials

I reinstalled the script and this time used oscommerce native .htaccess password protection, that took care of the problem, hope it helps.

/* I would love

* to change the world

* but they won't give me the

* source code */

 

outside url's not allowed in signatures

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...