milkman45 Posted December 5, 2014 Share Posted December 5, 2014 Hi all. First time here. been doing my own site since 2007 and have always sorted out issues via your members replies and such. However i've hit upon an issue i have never seen. i can only take a screen print and post it as reference if any one would have a clue once viewed. I'll place a link to the image from my web page here soon. This is the screen print image, albeit the top half. http://www.rabhobbies.com.au/images/347.jpg Link to comment Share on other sites More sharing options...
milkman45 Posted December 5, 2014 Author Share Posted December 5, 2014 To experiebce this issue first hand all that is required is :: 1. Open page "http://www.rabhobbies.com.au/estore/catalog/" 2. Buy an item, any item, and add to cart. 3. Click on "Check out" icon/button with out creating a profile from the cart in header . 4. this is supposed to take you to the login page to either "sign in" or create a profile if you do not have one. !!!!!! No idea on this one and no idea why..... Link to comment Share on other sites More sharing options...
♥Tsimi Posted December 5, 2014 Share Posted December 5, 2014 What version of osC is that exactly? Did your provider update something recently? Did YOU change something recently? (New add-ons...) Which PHP version is used on the server? Can you access the admin area? Any other problems/errors? Link to comment Share on other sites More sharing options...
milkman45 Posted December 5, 2014 Author Share Posted December 5, 2014 What version of osC is that exactly? 2.2 RC1 Did your provider update something recently? No Did YOU change something recently? (New add-ons...) Yes, CSS tweeks Which PHP version is used on the server? 5.2.17 Can you access the admin area? Yes Any other problems/errors? Yes i can . Stayed up until 2.00am running through the a dummy sale to test all parameters. All good apart from this weird problem which will only come up if youa re not logged in and click on the "Check out" button or icon letters. Link to comment Share on other sites More sharing options...
milkman45 Posted December 5, 2014 Author Share Posted December 5, 2014 Any other problems/errors? (sorry) No other problems at all............... Link to comment Share on other sites More sharing options...
oscMarket Posted December 5, 2014 Share Posted December 5, 2014 https://code.google.com/p/b374k-shell/ This is useful for system/web admin to do remote management without opening cpanel, connecting using ssh, ftp etc. All actions take place within a web browser. your hacked Link to comment Share on other sites More sharing options...
auzStar Posted December 5, 2014 Share Posted December 5, 2014 @@milkman45 I would shut down your site now. As @@wHiTeHaT says you've been hacked. b347k is a remote management tool for your webserver. If you didn't put it there someone else did. When that screen opens anyone can edit/delete files. I would shut your site down now just to be sure and get it checked, cleaned up and upgrade to latest version of osCommerce for better security. some malware info http://kb.sucuri.net/malware/signatures/php.backdoor.b374k-shell cheers :santa: My Add-onsAdvanced Cache Control Tool for osCommerce 2.3.x (non-bootstrap) Download SupportAjax Product Listing for osC 2.3.4 (bootstrap) Download SupportCategory New Products Carousel for osC 2.3.4 (bootstrap) Download SupportCategory Popular Products Carousel for osC 2.3.4 (bootstrap) Download SupportCustomer Testimonials for osCommerce 2.3.4 (bootstrap and non-bootstrap) Download SupportFront Page New Products Carousel for osC 2.3.4 (bootstrap) Download SupportIndex Nested - Product Listing for osC 2.3.4 (bootstrap) Download SupportMatch Categories in Search Results for osCommerce versions 2.3.x (non-bootstrap) Download SupportModular Category Page for osC 2.3.4 (bootstrap) Download SupportNEW Australia Post Shipping Modules for osCommerce 2.3.x (non-bootstrap) Download SupportNEW Equal Height Module for osC 2.3.4 (bootstrap) Download SupportProducts Low Stock Report for osC 2.3.x (bootstrap and non-bootstrap) Download SupportTwitter Typeahead Autocomplete Search for osCommerce 2.3.4 (bootstrap and non-bootstrap) Download SupportUpcoming Products Modules for osC 2.3.4 (bootstrap) Download Support Assisted Add-onsScroll Boxes for osCommerce 2.3.x (bootstrap and non-bootstrap) Download Support Bootstrap Add-ons created by other membersosCommerce Bootstrap Addons and Code Link to comment Share on other sites More sharing options...
milkman45 Posted December 5, 2014 Author Share Posted December 5, 2014 Hi guys , thanks for the update on what this is. I've been able to locate the file and have replaced the affected .php with a fresh version and it no longer comes up. All i need to do is now update to the latest version, however my site is highly moded ! Any idea on good, decent coders who can do the cross over from 2.2RC 1 to the latest 2.4. Link to comment Share on other sites More sharing options...
♥joli1811 Posted December 5, 2014 Share Posted December 5, 2014 Post in the commercial support section give as many details as possibile looks like quite a large database to me at first glance http://www.oscommerce.com/forums/forum/79-commercial-support-enquiries/ Regards Joli To improve is to change; to be perfect is to change often. Link to comment Share on other sites More sharing options...
Dan Cole Posted December 5, 2014 Share Posted December 5, 2014 thanks for the update on what this is. I've been able to locate the file and have replaced the affected .php with a fresh version and it no longer comes up. All i need to do is now update to the latest version, however my site is highly moded ! The other thing you should think about is how you got hacked in the first place and how to shut that down so it doesn't happen again while you are upgrading your site. Need help? See this thread and provide the information requested. Is your version of osC up to date? You'll find the latest osC community version (CE Phoenix) here. Link to comment Share on other sites More sharing options...
milkman45 Posted December 6, 2014 Author Share Posted December 6, 2014 How i was hacked is a BIG question as i changed the password to a new one about a month ago. As well as replacing and updating files in question while adding and tweaking most of the ADDONS on the site. Thanks for the all the suggestions and i will look into the commercial support section for help in upgrading. Link to comment Share on other sites More sharing options...
MrPhil Posted December 6, 2014 Share Posted December 6, 2014 If you had just changed your password(s) and then you were hacked, it's possible that a hacker got your password(s) via spyware on your PC. Definitely do a thorough antivirus and antispyware scan of all PCs used to access your site (admin), and then change all passwords again (especially if any malware showed up). Link to comment Share on other sites More sharing options...
milkman45 Posted December 12, 2014 Author Share Posted December 12, 2014 Hi Guys, Thanks for the update and info on the HACKING question. Located the Trojan/Virus files and deleted. Clean installed the files required as presented. Last was the "Hacked by GoHack" scripting. This was harder as it was disguised better. Found the two offending php files and deleted and updated the password again. Now tracking activity on a daily basis and so far all good. Again, thanks. Ren. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.