Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Have I been hacked???? HELP!


iamcanadian2

Recommended Posts

I go through my C-Panel & I am only supposed to have 2 databases, 1 for my oscommerce & one for phpbb. There is a huge list of other empty databases, such as dungeon_pnuke bunnies_xmb2 blueridg_website, etc, etc. There must be about 48 others there.

 

Where do they come from, can I just delete them and how can I prevent this from ever happening again?

 

Thanks...

Link to comment
Share on other sites

Last night there was a Cpanel update and it caused a glitch.

 

Nothing can be harmed you just see everyone's database names.

 

I will see if I can get my hosting guy to say what the fix is.

Link to comment
Share on other sites

The fix:

 

The 'root' user of the server needs to telnet in and execute two scripts:

 

/scripts/updatenow

/scripts/fixmysql

Link to comment
Share on other sites

Incidentally, the update Cpanel did last night ugpraded the mysql database version from 3.23 to 4.0.12, which changes some security schemes on the database which Cpanel missed. But v4 is more robust and adds some advanced caching which may improve performance on your osc.

Link to comment
Share on other sites

Incidentally, the update Cpanel did last night ugpraded the mysql database version from 3.23 to 4.0.12, which changes some security schemes on the database which Cpanel missed.  But v4 is more robust and adds some advanced caching which may improve performance on your osc.

 

Wonder if that fixed the one I broke last week ... hmm ...

 

Have to find a site I don't care about and try to break things.

Link to comment
Share on other sites

Additionally, php4.0 supports multi table updates, which means that there are a *ton* of osc queries that can be re-written to be *much* more effiient.

-------------------------------------------------------------------------------------------------------------------------

NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit.

If you have a question about any of my posts here, your best bet is to contact me though either Email or PM in my profile, and I'll be happy to help.

Link to comment
Share on other sites

  • 2 weeks later...

Hi,

 

I ran those scripts first and afterward had different problems and was referred to this site which helped a lot.

:)

http://www.vbulletin.com/forum/showthread....?threadid=69070

and

http://forums.cpanel.net/showthread.php?s=...15&pagenumber=1

 

I ran /scripts/easyapache and all the mysql updates and was still having problems with a couple of sites but very sporadically.

 

This will fix each site's db if you are root:

killall chkservd

/etc/rc.d/init.d/mysql stop

cd /var/lib/mysql/[database name]

myisamchk -r *.MYI

/etc/rc.d/init.d/mysql start

/usr/sbin/chkservd

 

After ALL this all of my stores were showing that warning: I can write to your config file etc... so had to chmod 444 configure.php on the catalog only for some reason. The admin is working and it's 644. :?

 

And then today I got that whos_online error on just one site so went into phpmyadmin, dropped the whos_online table, removed the cron job...readded the whos_online and readded the cron job.

 

So far they are all up. I am now going into each one and removing whos_online and readding it just to make sure.

 

What a mess...

Link to comment
Share on other sites

Weird ... I have been lucky and other than Jim's magnificent quick response fix ... I did not have to drop any tables ... yet.

 

I did not have to change the configure.php files as they are already set to that from manual uploads on the site.

 

What php version are you using?

Link to comment
Share on other sites

Linda,

 

Details:

Database: MySQL 4.0.12

HTTP Server: Apache/1.3.27 (Unix) mod_bwlimited/1.0 mod_log_bytes/1.2 FrontPage/5.0.2.2510 mod_ssl/2.8.12 OpenSSL/0.9.6b PHP-CGI/0.1b

PHP Version: 4.3.1 (Zend: 1.3.0)

 

I'm really surprised about the catalog configure.php file but that's the only way I could get it to work and was reading on the forum where window's users set theirs to read only which is 444. I remember reading that we have enhanced security now so maybe that's it.

 

Did you get your attribute manager rewritten? I haven't had time to check messing with the server since last FRIDAY! :roll:

Link to comment
Share on other sites

Still working on it ... typing very, very fast.

 

Also ... you have php 4.3.1 working.

 

Did you have to do anything special to it?

 

As in, can you load a clean snapshot from say 04-15-2003 without any changes and a clean MySQL with just the sample data (changing settings via the Admin is okay) and have it work?

Link to comment
Share on other sites

Hi,

 

Nothing special to php 4.3.1. Several weeks ago I while logging into whm which is the server manager there was a message to run an update so I went into root and ran that update noticing while it was happening that php was being updated...what a scary thought! I said "oh well" but after it finished everything was very smooth and no problems.

 

I will load a clean sample and let you know.

 

I know I loaded one during all these problems but haven't afterward and still had to set the configure to 444.

Link to comment
Share on other sites

osC & php 4.3.1 is running smooth with me too

Robert

 

We all need to learn it once, how hard it may seem when you look at it, also you will master it someday ;)

Link to comment
Share on other sites

Linda,

 

If you were talking about working with php 4.3.1 ... yes it does work.

 

I just did a fresh install and this time I didn't have to chmod the configure.php files to 777 to install and then back again. It installed with settings at 644 although I still had to change catalog/includes/configure.php to 444 to get rid of the warning at the top.

 

I think this permission change is because I ran the script to compile apache so scripts would run as owner and not as "nobody"...dont' know for sure...still learning :)

 

Oh, .......................... keep typing!!! :lol: :lol: :D

Link to comment
Share on other sites

I will load a clean sample and let you know.

 

I know I loaded one during all these problems but haven't afterward and still had to set the configure to 444.

 

Thanks on the sample ... it would really help me out a lot to know everything loads without a hitch.

 

Also, I tripped over the 644 issue on a site last night ... :shock:

 

Then I remembered reading one of your posts about 444 working ... tried it ... site liked it ... all was right in the world once more. :D

Link to comment
Share on other sites

Linda,

 

If you were talking about working with php 4.3.1 ... yes it does work.

 

I just did a fresh install and this time I didn't have to chmod the configure.php files to 777 to install and then back again.  It installed with settings at 644 although I still had to change catalog/includes/configure.php to 444 to get rid of the warning at the top.

 

I think this permission change is because I ran the script to compile apache so scripts would run as owner and not as "nobody"...dont' know for sure...still learning  :)

 

Oh, .......................... keep typing!!! :lol:  :lol:  :D

 

Thanks so much for testing this, Melinda. You too, Robert ... :D

 

Maybe I will take the plunge and go for the next update once Cpanel and/or php work out an issue on the current release causing some such issue that I probably do not want to deal with.

 

Fortunatly ... my hosting guy provides that added touch of confirming life is great for osCommerce and when I asked him to hold off the other day until I had some kind of confirmation that all was well he agreed.

 

Then he came across another issue that has made him hesitate ... so I will leave it in his hands to keep the server humming happily for osCommerce.

Link to comment
Share on other sites

Linda,

 

I have all the fixes if you need them. :lol: :lol:

 

I never had a problem with 4.3.1 when it updated but only with this last update of mysql from cpanel.

 

I have my server set on "stable" releases if you can believe that and had all this trouble.

 

They had so many complaints that now in the server manager you can downgrade to mysql 3 ... I told them they were crazy after this headache.

 

I will let you know if I see more messages about this in the forum or in the server manager.

 

Glad the 444 helped you out.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...