Jump to content
Latest News: (loading..)


  • Content count

  • Joined

  • Last visited


Profile Information

  • Real Name

Recent Profile Visitors

4,855 profile views
  1. I know this has had to been asked a million times but searching showed exactly no results. How do I fix these security checks: HTTP Authentication has not been set up for the osCommerce Administration Tool and the /ext/ directory is publicly accessible and/or browsable - please disable directory listing for this directory in your web server configuration.
  2. Site hacked through Vulnerability

    I can start all over with no problems. The OSC was just started and really not much on it yet, just a few items. Now the forum has been going on for years but has dwindled down to about 5 members but we will get on daily just to say hi so in that regards, I could just start it off new also. Other than those two applications, there is nothing on the website to speak of. I would just do a clean but it's just too expensive. I'm retired and on a fixed income and just recently had a heart attack and triple by-pass surgery so I don't need any of this right now. STarting new would be best in my situation. If site monitor is free I'll install it also.
  3. Site hacked through Vulnerability

    What I am planning on doing is to have my whole site wiped clean and start all over with all new installations. Since I have no idea nor does the host how they got in, it's all I can do. My host wanted me to use sitelock.com which they are partnered with and pay them to scan my site and they would clean anything that look suspicious. Bad thing about that is they want you to have a year contract with them with at least a $49/mo charge plus an upfront cost of $100 to do the scan and clean. I don't know but it sounds more like a scam to me, wanting me to pay them for a year for something I had nothing to do with. How do I know they or the host didn't put those files there? It's just a big mess.
  4. Site hacked through Vulnerability

    I actually didn't say OSC was at fault and actually asked if this has happened to anyone else thinking that if it did, it might be a problem with OSC. The reason I did not mention the forum was because it has been there for years with regular updates so my initial thought was OSC since I had just installed it on a new website that had it DNS pointing from my website host just hours before it was hacked. I'm just looking to find out how it happened. The only way to find out something is to ask and it might show a reason, without asking, then no one will ever know. Sorry to have bothered you. Now if I go to the forum forum, I bet they'll say the same thing as you did. If I do find out I will be sure to come back and let you know.
  5. Site hacked through Vulnerability

    If you are saying that a forum package was on the cart, no. Matter of fact the OSC has nothing extra added to it except for the store logo and of course some items for sale. I still have no idea how they got in and through what means.
  6. Site hacked through Vulnerability

    I just noticed that I had typed 1987, it was 1997 when we started but it was still using HTML, then we went to dreamweaver and fireworks. Sorry about that.
  7. Site hacked through Vulnerability

    MrPhil, I know I installed the Bootstrap back in June of this year, just never went live with it until almost a week ago. I don't know why it says in the version.php 2.3.4 instead of 2.3.4BS. As far as designing websites, I and my partner designed them using html code only, there was no software when we started. That's probably the main reason I got out of website design a few years ago because of the great software they have now, anyone can design a site now. As far as the host wiping out my code, I may have misled when I said that, the files and the folders were there but they sent me an email saying that if I wanted to get my site back online that I would have to get rid of all the files. Here is what they sent me in short: To correct this problem: 1. Go through the entire account and remove unfamiliar/unused files; repair files that have been modified by the hacker. 2. Update all scripts/programs/plugins/themes on the account to the latest versions. 3. Research any scripts/programs/plugins/themes you are using for known security vulnerabilities; remove any with known, unresolved vulnerabilities. 4. Update your cPanel password, using a strong password (i.e. upper case characters, lower case characters, numbers, symbols). 5. Remove unused FTP accounts. 6. Update the passwords on necessary FTP accounts to strong passwords (see above). 7. Update the passwords for any scripts/programs you are using to strong passwords (see 4 above). 8. Remove all unknown cron jobs. 9. Secure the php configuration settings in your php.ini file. 10. Update the file permissions for files and folders on your account. Now here is something to think about and it keeps haunting me, the night before(actually 6 hours before the attack), I had changed the DNS to point to Shopify.com and the www CName only so that we could use their shop for testing. I told my host this and they said there was no way they could access my site that way. It's just too much of a coincidence that it happened just hours afterwards. Oh, and I did remove the installation files once I was finished installing and also changed the permissions that were noted in the admin when installed.
  8. Site hacked through Vulnerability

    I am not sure but the forum has been running for about 8 years and the OSC has been up for about 5 days or so, it's just a wild guess.
  9. Site hacked through Vulnerability

    Yes, that would be true but I starting out fresh with nothing but what I need, if it happens again at least I will know what program is doing it. I have a forum running and osC
  10. Site hacked through Vulnerability

    Yes, they showed me what folder and files were added to my website that they(hackers) used and then deleted the whole folder. Right now I can't do anything because one of the websites that are on my account is going live(online store) that has it's DNS redirected to a shopping cart(shopified). What I am planning on doing is have the whole account wiped clean and start all over. Ido have backups of everything that I can use. I'll just go back about a month and use those.
  11. Site hacked through Vulnerability

    OK, I just remembered that I am running the bootstrap version and the last time a version check was done was 2017-06-08 and everything was up to date then.
  12. Site hacked through Vulnerability

    I can not tell you exactly which version I have but it is a v2.x. I also can not compare files because the host already deleted the files in question. The only thing I have right now that is up to date is the database for it. Is there something in the database where it will tell me what version of osC I am using?
  13. This morning my website was suspended for phishing. Apparently someone found a vulnerability and was able to put scripts onto my website and were posing as Wells Fargo. Only thing I have installed on my site is osCommerce and it has been there for years and is always updated with the newest versions. I was just wondering if anyone else has had this happen to them recently? My host is telling me that they can not make my site available again until I have a company like sitelock scan my site and give it a clean bill of health but of course at a yearly contract of at least $49/month. This all sounds like a scam to me.I've been designing websites and have a few of my own sites since 1987 and have never had something like this happen before.
  14. One of my clients wants to be able to offer free flat rate shipping for international orders. Is ther an addon for this or some kind of setting to enable him to do this?