Security issue with admin directory


203 replies to this topic

#201 DunWeb

  • Community Sponsor
  • 9,465 posts
  • Real Name:Chris Dunn
  • Gender:Male
  • Location:Tecumseh, Ontario, Canada N8N 1X8

Posted 26 January 2012, 14:54

oops


Chris

Edited by DunWeb, 26 January 2012, 14:54.

:|: Was this post helpful ? Click the LIKE THIS button :|:

:|: Check my About Me page for information about Support Plans, Templates, Custom Add Ons and Professional osCommerce Security Services :|:

#202 altoid

  • Community Member
  • 437 posts
  • Real Name:Steve
  • Gender:Male
  • Location:Pennsylvania

Posted 26 January 2012, 17:15

ski holidays, on 26 January 2012, 14:05, said:

Hi All, my installation of osCommerce RC2.2 was hacked even though I renamed admin folder and applied htaccess. Does anybody know of any other possible vulnerability that could have allowed the hackers in?

Hello there, for the 2.2 Osc there's a bunch of security recommendations. See the very first post in this topic by Jan; he provides info there on more security measures.
I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.
I remember what it was like when I first started with osC. It can be overwhelming.
However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.
There are several good pros here on osCommerce. Look around, you'll figure out who they are.

#203 ski holidays

  • Community Member
  • 2 posts
  • Real Name:Brandon kane
  • Gender:Male
  • Location:London

Posted 27 January 2012, 11:01

D'Oh, I missed that. Thanks I will look that up. I read your signature, feels like I am at the beginning of the journey that you took, sheesh!

#204 Taipo

  • Community Member
  • 713 posts
  • Real Name:Te Taipo
  • Gender:Male

Posted 27 January 2012, 18:59

There is a known security issue with the 2.2 range of osCommerce versions that offer an admin login. It is possible that attackers were able to add rogue shell files into your site's directories, often in the images directory, which are used to exploit your website. So along with following the security recommendations here, make sure you go through all your website directories and remove any PHP files that should not be there.
- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Ignore this link - just a honeypot site to test my ideas out for osC_Sec and allow the site to be picked up by attackers.
- Fix the admin login bypass exploit here
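
The directory sweep suggested in the post above, sketched as an added example (not code from this thread, its posters or osCommerce). It assumes `images` is the only directory that should hold purely static files and uses an assumed list of PHP-executable extensions; the sample tree and file contents are constructed.

```python
import tempfile
from pathlib import Path

# Assumption: extensions this host might hand to the PHP interpreter.
PHP_EXTENSIONS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}
# Assumption: directories (relative to the catalog root) meant to hold only static files.
STATIC_DIRS = ("images",)

def find_rogue_php(catalog_root, static_dirs=STATIC_DIRS):
    """Return sorted (relative_path, reason) pairs for files to review by hand."""
    root = Path(catalog_root)
    findings = []
    for static_dir in static_dirs:
        for path in (root / static_dir).rglob("*"):
            if not path.is_file():
                continue
            rel = path.relative_to(root).as_posix()
            # Names like x.php.jpg count too: some Apache handler setups run them as PHP.
            if {s.lower() for s in path.suffixes} & PHP_EXTENSIONS:
                findings.append((rel, "php extension"))
                continue
            try:
                data = path.read_bytes().lower()
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            if b"<?php" in data:
                findings.append((rel, "php tag in non-php file"))
    return sorted(findings)

def demo():
    """Scan a constructed catalog tree; file names and contents are made up."""
    samples = {
        "images/logo.gif": b"GIF89a\x01\x00\x01\x00",
        "images/banners/x.php": b"<?php /* constructed placeholder */ ?>",
        "images/thumb.php.jpg": b"\xff\xd8\xff\xe0",
        "images/photo.jpg": b"\xff\xd8\xff\xe0 <?PHP /* constructed */ ?>",
        "includes/application_top.php": b"<?php ?>",  # legitimate, outside STATIC_DIRS
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, content in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(content)
        return find_rogue_php(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason}: {rel}")
```

The function only reports; compare each hit against a clean copy of the same osCommerce release before deleting anything.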