Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

following hacking attempt a load of random manufacturers appeared


thezerocool

Recommended Posts

I thought it may be of interested to some, it may already be common knowledge, I dunno but i'm paying it forward just in case.

 

I has my eStore hacked and abused for what seemed like the benefit of somebody using my server to spam, my server host shut the site down offering me 0 support regarding logging so its taken me ages to getting round to sorting this, its most likely from a 2.2 install I would think, cant remember exactly what version it was running as were going back a good long time now! Only really has the time to go through the data now as im off work on my holidays. Better late than never.

 

Basically they exploited the build to get a serious of php files in the image directories, and I thought it was purely a exploit due thanks to the lack-of/misconfig-of the .htaccess files at the time but it seems they have also added in data to the database as follows to achieve their exploit:

 

 

insert into manufacturers (manufacturers_id, manufacturers_name, manufacturers_image, date_added, last_modified) values ('10', '', 'goog1e2ef4d47504365.php', '2010-08-18 13:18:11', NULL);

insert into manufacturers (manufacturers_id, manufacturers_name, manufacturers_image, date_added, last_modified) values ('11', '', 'goog1e30a69a2e889b43.php', '2010-08-24 23:05:10', NULL);

insert into manufacturers (manufacturers_id, manufacturers_name, manufacturers_image, date_added, last_modified) values ('12', '', 'goog1ebe4cc6f1eb57.php', '2010-08-28 16:31:01', NULL);

insert into manufacturers (manufacturers_id, manufacturers_name, manufacturers_image, date_added, last_modified) values ('13', '', 'goog1ec1176531c5a733.php', '2010-09-02 15:12:12', NULL);

insert into manufacturers (manufacturers_id, manufacturers_name, manufacturers_image, date_added, last_modified) values ('14', '', 'goog1e97631722c08567.php', '2010-09-03 21:23:34', NULL);

insert into manufacturers (manufacturers_id, manufacturers_name, manufacturers_image, date_added, last_modified) values ('15', '', 'goog1eb473b4dd14c2.php', '2010-09-05 07:07:47', NULL);

insert into manufacturers (manufacturers_id, manufacturers_name, manufacturers_image, date_added, last_modified) values ('16', '', 'goog1e338a5e3bcd1ec7.php', '2010-09-07 16:49:05', NULL);

insert into manufacturers (manufacturers_id, manufacturers_name, manufacturers_image, date_added, last_modified) values ('17', '', 'goog1e32b140566f977b.php', '2010-09-15 15:15:59', NULL);

insert into manufacturers (manufacturers_id, manufacturers_name, manufacturers_image, date_added, last_modified) values ('18', '', 'goog1e22281d839b557f.php', '2010-09-15 20:51:19', NULL);

insert into manufacturers (manufacturers_id, manufacturers_name, manufacturers_image, date_added, last_modified) values ('19', '', 'goog1e2a66bda264548.php', '2010-09-27 03:36:12', NULL);

 

Is this a security hole that is known???

 

Hopefully not a issue in the future or in current builds.

Link to comment
Share on other sites

Yes

 

Also check the store name on your shop configuration page in admin.

 

You should also read the threads in the 2.2. security forum for things to do to secure your site.

 

HTH

 

G

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...