Jack_mcs
Posted February 27, 2017

@bigbob2 It's too late now but I suggest you install Site Monitor. It will inform you of what changes have been made so fixing things after a hacker gets in is a lot easier. As it is now, you don't know what files may be present so you need to check your files.

Regarding the test I mentioned, be sure you enter the location to your shop. For example, if it is located in a directory named shop, then you have to include that in the URL to be tested. Otherwise the test will check the root directory and that may give wrong results. If you did enter the URL correctly, try going to http://your domain/includes/configure.php. You shouldn't be allowed to show it. If you can, then there is a serious problem. Do the same with the images.

Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons
bigbob2
Posted February 27, 2017

Thanks Jack, I did have the URL correct, including the /store which is what the directory is called. I did as you suggested and both the config and images come up forbidden as I would have expected. I'm not sure why the test site picks these up as fails. At least I know they are secured, so there is not a gaping hole in the site on any of those issues. Thanks.
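An added example, not from the thread, of the manual check discussed above: request the protected locations relative to the shop directory rather than the domain root and classify each response. The host `shop.example`, the responses in `demo()` and the reading of "the images" as the `images/` directory are assumptions.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin

# Locations named in the thread. "images/" (the directory itself) is an
# assumption about what the "images" check refers to.
PROTECTED = ["includes/configure.php", "images/"]

def http_status(url, timeout=10):
    """Fetch url and return the HTTP status code, including error codes such as 403."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def classify(status):
    """Turn a status code into the outcome that matters for this check."""
    if status in (401, 403):
        return "forbidden"   # the server refused the request, as it should
    if status == 404:
        return "not found"   # often means the shop directory was left out of the URL
    if 200 <= status < 300:
        return "served"      # the request was not refused; investigate
    return "other"

def check_shop(shop_url, fetch=http_status):
    """Check each protected path relative to the shop directory, not the domain root."""
    base = shop_url.rstrip("/") + "/"
    return {path: classify(fetch(urljoin(base, path))) for path in PROTECTED}

def demo():
    """Constructed responses for a shop installed under /store on a placeholder host."""
    denied = {
        "http://shop.example/store/includes/configure.php",
        "http://shop.example/store/images/",
    }
    fake_fetch = lambda url: 403 if url in denied else 404
    return {
        "with shop directory": check_shop("http://shop.example/store", fake_fetch),
        "root only": check_shop("http://shop.example", fake_fetch),
    }

if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```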
Dan Cole
Posted February 27, 2017

@bigbob2 Kevin, I'm a bit puzzled by this...

"So a hacker I asked to look at the site has told me that they can get in by SQL injection. I did some reading and found an update that we didn't have in place around the geo-zones page, so I have implemented that. Here it is for reference: https://github.com/g...fb048bfe31c902"

Your link points to a minor change in catalog/admin/geo_zones.php, ensuring that the input is an integer. Given that the file is located in the admin site of your shop, how does anyone who doesn't have admin access perform some sort of SQL injection? Is that even possible?

Dan

Need help? See this thread and provide the information requested. Is your version of osC up to date? You'll find the latest osC community version (CE Phoenix) here.
Jack_mcs
Posted February 27, 2017

@bigbob2 That's strange. I can't say why the test would return a false positive. Maybe some setting on your server is causing it. As long as you are sure it is protected, that's all that matters.

@Dan Cole You are correct. It should not be possible. Years ago there was a way to post into the admin without a login but that hole was plugged and I've not heard of it. Although, I don't recall the OP saying what version he is using so it may be he has an older version that still has security holes in it.
Dan Cole
Posted February 27, 2017

@Jack_mcs Kevin mentions that he is running 2.3.4 so I can't see the fix he posted as being relevant to the hack.

"I am running a heavily modified 2.3.4 version of OSC"

Dan
Jack_mcs
Posted February 27, 2017

Ahh, I missed that. Thanks for pointing it out.
bigbob2
Posted February 27, 2017

Well, some good news for a change!!! I got the report back from the host and it turns out that the site was not brought down by a malicious attack, and it seems like it was unrelated to the email from the hacker who had accessed our database. The site was brought down by some very heavy over indexing by bots, which have now been banned by the server and they have made some changes and cleaned up things to prevent the resources from becoming overloaded and crashing our site again. The site is now showing normal levels of activity and they are going to continue to monitor it.

So now my problem is I need to find out how the original SQL injection was done and then block it. The SQL injection I talked about earlier may or may not have had any relevance to it, I just googled it and when I found that we did not have that patch, I applied it. From the reaction you guys have given, it sounds like it was probably unrelated to how this person got in, but any holes I can patch can only be a good thing.

To reiterate, my site is 2.3.4, but as there have been many other addons done, one of them could have also created a hole. Obviously the above patch was not there, so there are possibly other patches that have been missed along the way too, so I am not out of the woods yet!

Thanks
Kevin
Archived
This topic is now archived and is closed to further replies.