bigbob2

Members
  • Content count

    152
About bigbob2

Profile Information

  • Real Name
    Kevin

  1. Thank you Frank, you're a legend! Cheers Kev
  2. I have an ongoing issue of employees occasionally forgetting to use the shipping address from the customer orders page and instead they will cut and paste the customer address in to our invoicing software. 99% of the time this is the same anyway, but we have been caught out. So my simple solution to this is that I want to change the font color on the customer address and the billing address to be a light grey, so it's visible if needed, but faint enough that nobody will use it. Can someone please tell me how to modify the code in orders.php to make those two unwanted addresses #dadada color? Thanks
  3. Well, some good news for a change!!! I got the report back from the host and it turns out that the site was not brought down by a malicious attack, and it seems like it was unrelated to the email from the hacker who had accessed our database. The site was brought down by some very heavy over indexing by bots, which have now been banned by the server and they have made some changes and cleaned up things to prevent the resources from becoming overloaded and crashing our site again. The site is now showing normal levels of activity and they are going to continue to monitor it. So now my problem is I need to find out how the original SQL injection was done and then block it. The SQL injection I talked about earlier may or may not have had any relevance to it, I just googled it and when I found that we did not have that patch, I applied it. From the reaction you guys have given, it sounds like it was probably unrelated to how this person got in, but any holes I can patch can only be a good thing. To reiterate, my site is 2.3.4, but as there have been many other addons done, one of them could have also created a hole. Obviously the above patch was not there, so there are possibly other patches that have been missed along the way too, so I am not out of the woods yet! Thanks Kevin
  4. Thanks Jack, I did have the URL correct, including the /store which is what the directory is called. I did as you suggested and both the config and images come up forbidden as I would have expected. I'm not sure why the test site picks these up as fails. At least I know they are secured, so there is not a gaping hole in the site on any of those issues. Thanks.
  5. Well, the latest update is that our host has our site up and running again - Yayyy! So a hacker I asked to look at the site has told me that they can get in by SQL injection. I did some reading and found an update that we didn't have in place around the geo-zones page, so I have implemented that. Here it is for reference: https://github.com/gburton/oscommerce2/commit/e4d90eccd7d9072ebe78da4c38fb048bfe31c902 I have spent the day phoning cyber security experts to get someone to do a penetration test for us, which is crazy expensive in my country, so I might have to look internationally. Several people I talked to don't believe there was any link between the email we received and the web site going down, although they did find malicious content, so the site may have been hacked by others in the past. Their theory is that if someone installed malicious content, the last thing they would want to do is warn us. I guess I will never know, but I'm still waiting on my host to give a report on what they actually found. I ran our site through the link Jack posted above and it shows fail on the following: ADMIN STATUS: Your admin appears to not be password protected. This may be a serious security problem (some secured admins may return false results). IMAGES STATUS: Your images directory is not secure. INCLUDES STATUS: Your includes directory is not secure. This is a serious security hole and needs to be fixed immediately. However there is another site of mine on the same hosting account, with an identical install of OSC (different products but same store files and setting) and that shows as a clean pass on everything. I have checked one by one and my Admin is secured correctly, my image directory is secured correctly and the Includes directory is secure too, so I'm hoping there is a false positive for some strange reason on this site. Now I'm paranoid about everything. Thanks.
  6. Thanks Jack, I have that part, but it looked like there was supposed to be a configuration page where the items in red could be configured? Thanks.
  7. Great addon, but am I missing something? In the latest version, the instructions say you can go to admin->configuration->database optimizer, but that entry does not seem to be there. I have read over the install instructions again and I can't find where that entry was coded. I had very little sleep last night, so I might just be being stupid though :) Thanks
  8. I have scanned our computers for malware and they all appear to be clean. The latest development is that our web site has gone down and now only gives a 500 Server Error, so I can only assume that the hacker has taken things to the next level, or perhaps it's a coincidence. Either way, it's totally out of my abilities, so I have hired a web security person looking in to it. Now, I have three problems (1) Finding how they got in (2) Stopping them (3) Getting my site back online. As if life was not hard enough already :(
  9. Hi guys, I have just been flying for 13 hours, so I am back in the office and able to reply to the questions. Thank you all so much for your help and support. The screen shot was sent to me by the person in question, this is not my software, so I don't know what it is. I am running a heavily modified 2.3.4 version of OSC, so it would be almost impossible to start to strip it back from this point, without losing all the functionality I need. To answer another question, I am on a shared hosting server, but on my own hosting, I only have OSC and a MediaWiki installation. I also had an installation of a program called clip bucket, but I was not using it, so I have uninstalled that. We only access our site from Mac computers here, and I am careful about what I install, so I would not expect that I have loggers or malware etc. installed. I have had our hosting company do a security check and they reported back "We scanned your account and your account is clean and there are no such findings which needs attention. Just make sure you update your scripts to the latest versions and audit your account timely for any suspicious or unwanted files. We also recommend that all PC's with access to your account must be audited for malware. Please note that one of the main purpose of malware on websites is to infect visitors. Therefore a simple visit on your website could have resulted in an infection for your PC. ALL users currently available on your sites must be reviewed and all malicious or suspicious users removed" Because our web site is a commercial shop, I can't get every user to do anything. Burt, I will go and change all my passwords (God, I have so many, that's going to be a full time job :wacko: ). I will need to get someone to go through the files and database to ensure that it is clean, as I do not personally have the skills to know what to look for. I am looking at changing to a non-shared host too. Thanks
  10. I don't doubt that it will be someone trying to extort money, so I want to do everything in my power to close the security hole without communicating with this person. I am actually appreciative that they brought it to my attention and if they had made a financial offer clearly in the email, perhaps it could be a good way for a hacker to get some business, but no, it feels like this is leading to trouble. Here is the picture they sent me... I hope it might mean something to someone. I have blanked out the personal data.
  11. Hi Jack, so they sent me screen shots of our database tables, showing our customer details, so they are genuine. As far as I know they cannot access our Admin side. Thanks
  12. One thing I did find was that our admin .htpasswd_oscommerce file was missing (I don't know why, it's always been there before), so I have reinstated that. Could that alone be enough to give someone access to our database?
  13. I will go and change the password now, but no my site is up to date, my config files are set to the right permissions and I don't think my password is easy, but it will be like the Da Vinci Code now! Thanks
  14. Out of the blue I got an email today to say that there is a bug in our web site and that the sender can access our database. They attached screenshots where they can indeed access our database. They want me to contact them for advice on how to fix it. What do I do??? Where could the breach be??? Thanks.
  15. When the customer receives an order update using this contribution, the email has all the correct information except for the order status, which just comes out as: EMAIL_TEXTHTML_STATUS_UPDATE Does anyone know how to fix this? Cheers Kev