Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

b347k never seen before


milkman45

Recommended Posts

  • Hi all. First time here. been doing my own site since 2007 and have always sorted out issues via your members replies and such. However i've hit upon an issue i have never seen. i can only take a screen print and post it as reference if any one would have a clue once viewed. I'll place a link to the image from my web page here soon.

  •  

    This is the screen print image, albeit the top half. http://www.rabhobbies.com.au/images/347.jpg

Link to comment
Share on other sites

To experiebce this issue first hand all that is required is ::

 

1. Open page "http://www.rabhobbies.com.au/estore/catalog/"

 

2. Buy an item, any item, and add to cart.

 

3. Click on "Check out" icon/button with out creating a profile from the cart in header .

 

4. this is supposed to take you to the login page to either "sign in" or create a profile if you do not have one.

 

!!!!!!  No idea on this one and no idea why.....

Link to comment
Share on other sites

What version of osC is that exactly?

Did your provider update something recently?

Did YOU change something recently? (New add-ons...)

Which PHP version is used on the server?

Can you access the admin area?

Any other problems/errors?

Link to comment
Share on other sites

What version of osC is that exactly?                                          2.2 RC1

Did your provider update something recently?                          No

Did YOU change something recently? (New add-ons...)            Yes, CSS tweeks

Which PHP version is used on the server?                                5.2.17

Can you access the admin area?                                              Yes

Any other problems/errors?                                                       Yes i can .  Stayed up until 2.00am running through the a dummy sale to test all parameters.  All good apart from  this weird problem which will only come up if youa re not logged in and click on the "Check out" button or icon letters.

Link to comment
Share on other sites

@@milkman45

 

I would shut down your site now. As @@wHiTeHaT says you've been hacked.

b347k is a remote management tool for your webserver. If you didn't put it there someone else did.

When that screen opens anyone can edit/delete files. I would shut your site down now just to be sure and get it checked, cleaned up and upgrade to latest version of osCommerce for better security.

 

some malware info http://kb.sucuri.net/malware/signatures/php.backdoor.b374k-shell

 

cheers :santa:

My Add-ons
Advanced Cache Control Tool for osCommerce 2.3.x (non-bootstrap) Download Support
Ajax Product Listing for osC 2.3.4 (bootstrap) Download Support
Category New Products Carousel for osC 2.3.4 (bootstrap) Download Support
Category Popular Products Carousel for osC 2.3.4 (bootstrap) Download Support
Customer Testimonials for osCommerce 2.3.4 (bootstrap and non-bootstrap) Download Support
Front Page New Products Carousel for osC 2.3.4 (bootstrap) Download Support

Index Nested - Product Listing for osC 2.3.4 (bootstrapDownload Support
Match Categories in Search Results for osCommerce versions 2.3.x (non-bootstrap) Download Support
Modular Category Page for osC 2.3.4 (bootstrap)
Download Support

NEW Australia Post Shipping Modules for osCommerce 2.3.x (non-bootstrap) Download Support
NEW Equal Height Module for osC 2.3.4 (bootstrapDownload Support
Products Low Stock Report for osC 2.3.x (bootstrap and non-bootstrap) Download Support
Twitter Typeahead Autocomplete Search for osCommerce 2.3.4 (bootstrap and non-bootstrap)
Download Support

Upcoming Products Modules for osC 2.3.4 (bootstrap) Download Support

 
Assisted Add-ons
Scroll Boxes for osCommerce 2.3.x (bootstrap and non-bootstrap) Download Support
 
Bootstrap Add-ons created by other members
osCommerce Bootstrap Addons and Code

Link to comment
Share on other sites

Hi guys ,

 

thanks for the update on what this is.  I've been able to locate the file and have replaced the affected .php with a fresh version and it no longer  comes up.  All i need to do is now update to the latest version, however my site is highly moded !

 

Any idea on good, decent coders who can do the cross over from 2.2RC 1 to the latest 2.4.

Link to comment
Share on other sites

thanks for the update on what this is.  I've been able to locate the file and have replaced the affected .php with a fresh version and it no longer  comes up.  All i need to do is now update to the latest version, however my site is highly moded !

The other thing you should think about is how you got hacked in the first place and how to shut that down so it doesn't happen again while you are upgrading your site.

Link to comment
Share on other sites

How i was hacked is a BIG question as i changed the password to a new one about a month ago.  As well as replacing and updating files in question while adding and tweaking most of the ADDONS on the site.

 

Thanks for the all the suggestions and i will look into the commercial support section for help in upgrading.

Link to comment
Share on other sites

If you had just changed your password(s) and then you were hacked, it's possible that a hacker got your password(s) via spyware on your PC. Definitely do a thorough antivirus and antispyware scan of all PCs used to access your site (admin), and then change all passwords again (especially if any malware showed up).

Link to comment
Share on other sites

Hi Guys,

 

Thanks for the update and info on the HACKING question.   

 

Located the Trojan/Virus files and deleted. Clean installed the files required as presented.  Last was the "Hacked by GoHack" scripting.  This was harder as it was disguised better.  Found the two offending php files and deleted and updated the password again.  Now tracking activity on a daily basis and so far all good. 

 

Again, thanks.

 

Ren.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...