1 reply to this topic

[eka]

Hello

I am following advice at http://forums.oscommerce.com/topic/313323-how-to-secure-your-site/ to secure my new and first osC store and have just installed Site Monitor. At Step 6 of the installation:

1. I got from clicking on the first 3 buttons "Warning: fopen(sitemonitor_reference.php) [function.fopen]: failed to open stream: Permission denied in catalog/admin/includes/functions/sitemonitor_functions.php on line 308
Failed to open file sitemonitor_reference.php". What must I do to resolve this?

2. I clicked on the fourth update button "Manually Check for Hacked Files" and got "Checked 103 directories containing a total of 635 files. Skipped 427 files. 2 suspected hacked files found.
Hacked Files Found
images/yahoo/index.php
includes/modules/payment/paypal_standard.php". What would be your interpretation of these results and what would you do to resolve the issue if any?

Thanks
eka

[spooks]

there should be no php files in your images dir, so you have been hacked

ideal solution is to ask host to wipe site & restore with know clean backup.

Otherwise check every single file on the site, be especially suspicious if there any files/dirs you cannot delete.

Looking at file dates can help in finding when hack occured first.