Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

suddenly lost all images?


jilmarieaz

Recommended Posts

Hello, My site at sensationsporthorses.com has suddenly stopped showing any of my thumbnail images. I haven't made any changes so not sure what happened as it was working just fine. Anyone have any suggestions on how to fix this?

Jill

 

I too have the exact same issue. tempodancewear.com.au. I can't find any other info on the net apart from this post.

 

Is this just happening to both of our sites?

 

Somebody.... please... help !!!

Link to comment
Share on other sites

Open up a php file and look for the eval hack at the top. i've just cleaned 3 site with the same problem

the code begins with

 

<?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl.

 

If its there you need to get your site cleaned, or restored from backup deleting the existing one first

Nic

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

Is it pretty safe to day that the only mods to the php files are the top line with the <? /**/eval(base64_decode(..... on it?

If so, if I'm patient enough would I be able to remove all entries and delete filemanager.php, rename admin/password and I'm cool?

 

My last change to the site was only addition of a shite load of products. If I restore from an older copy and use the same database I should be right shouldn't I? Or is my database in jeopardy as well?

 

Dru

Link to comment
Share on other sites

First you will have to find the location for the files that have been placed on your server, to do this decode the long string at the top of the php files, run the code through here http://www.opinionatedgeek.com/dotnet/tool...de/Default.aspx this will reveal the location that you need to clean ASAP this will restore your images

 

Change your admin name and the admin / incldes / configure.php defines for admin

 

Then delete the filemanager.php from admin

remove the link to it in admin / includes / boxes / tools.php

Then go through each and every php file to remove the code.

 

Search the forum for help on any aspect of this for more help

Nic

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

There is a security hack with rc2.

All shop owners should rename admin to some unique admin.

Also deleting file manager is recommended.

 

Satish

Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site.

 

Check My About US For who am I and what My company does.

Link to comment
Share on other sites

OK, I've gone through all my files and removed the top entry referring to <?php /**/eval(base64_decode.

Changed admin name and the admin / incldes / configure.php defines for admin

Deleted the filemanager.php from admin

Removed the link to it in admin / includes / boxes / tools.php

Went go through each and every php file to remove the code.

 

So now I'm only missing some maybe half of my thumbnails.

 

Is there a way to check if I'm still vulnerable or if I've cleaned it properly?

Link to comment
Share on other sites

Apply all the security patches that are on forum.

 

Also remove unwqanted code.

Plus add site monitor contribution so as to keep a watch on the file level activities on Your site.

 

Make sure You also do have site access log so if anything goes wrong further you can get the entry point of hackers looking at the access log file.

 

Also disable ftp when ever You are done and do not see much need of it(as minor correction can be achieved thru cpanel file manager).

 

Also a proper secured server(hosting comapnies who have a strict security policy is recommended).

The more You take care more You are safe but hackers will keep upgrading there skills and try to kack in.

 

 

Satish

 

Satish

Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site.

 

Check My About US For who am I and what My company does.

Link to comment
Share on other sites

Apply all the security patches that are on forum.

 

Also remove unwqanted code.

Plus add site monitor contribution so as to keep a watch on the file level activities on Your site.

 

Make sure You also do have site access log so if anything goes wrong further you can get the entry point of hackers looking at the access log file.

 

Also disable ftp when ever You are done and do not see much need of it(as minor correction can be achieved thru cpanel file manager).

 

Also a proper secured server(hosting comapnies who have a strict security policy is recommended).

The more You take care more You are safe but hackers will keep upgrading there skills and try to kack in.

 

 

Satish

 

Satish

 

I too got hacked GRRRRRR

So I went down the "restore the data base" route.

 

I have tried to restore my database and it hasnt worked. My data base is about 1 month old and when I pressed RESTORE it looked like it was working but then the screen went blank and nothing. I checked my website and I still dont have pictures ! Help! Any ideas?

Link to comment
Share on other sites

I too got hacked GRRRRRR

So I went down the "restore the data base" route.

 

I have tried to restore my database and it hasnt worked. My data base is about 1 month old and when I pressed RESTORE it looked like it was working but then the screen went blank and nothing. I checked my website and I still dont have pictures ! Help! Any ideas?

 

 

If its the same hack then you have to first decrypt the hack to find the location of the files placed on your server anywhere between 1 and 30 ish. remove these then you need to remove the code from every single php file on your server

Nic

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

I decoded mine and it pointed to a language folder (German) and some file within in there. Since I don't use any other language other than English I blew it away and went through ALL php files and removed the top entry that was injected into each file.

 

I didn't do any database changes and all seems OK so far. My thumbnails are all there.

 

I've learn't my lesson.... keep it secure because it's a pain in the but when you have to do clean up!

Link to comment
Share on other sites

Ok - me too- A little question before I mess up what I can't fix...my admin configure file does not have my osc admin user info, but my database user and password info, you want me to change that? don't I need to add a new user for mydatabase in php first? Also- delete the filenames folder and do not bring it back?

Link to comment
Share on other sites

Apply all the security patches that are on forum.

 

Is there a nice list somewhere of recommended security patches? If it can be "stickied" or "pinned" to the top of the board, that would be quite useful. It might make a nice board of its own (under Support Forums > osCommerce Online Merchant v2.x), with topics on proven code patches, known vulnerabilities and their resolutions, system things you should and shouldn't do (including permissions), how to decode an encoded (e.g., base64) chunk of code to see what files it's referencing, tips and tricks, etc. Putting everything security-related into one place would save a lot of hunting around, and make it easier for people to armor their shops.

Link to comment
Share on other sites

In the German forum there is an announcement by the German team members about a security problem in the

 

admin for shops using osC 2.2 version RC1 and RC2. The details of how to compromise the admin have not been

 

disclosed (for obvious reasons).

 

For the moment two things can and should be done:

A. rename the admin directory

B. add .htaccess protection to the (renamed) admin directory as was necessary on the older versions of osC

 

(.htaccess cannot be used on a Windows server by the way)

Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site.

 

Check My About US For who am I and what My company does.

Link to comment
Share on other sites

yes managed to find the files hidden in the english language folder under buttons, sneaky bastards!

deleted those files as well (the decoding thing did not work for me)

now my pictures are back. :)

 

Now crank up my security (i did use .htaccess and other protection but still that was not enough)

Link to comment
Share on other sites

The problem is YOUR SITE HAS BEEN HACKED ......... REALLY..... :-(

The icons do not appear as files have been changed in the admin area.

The directory has been hacked and files played with.

 

The quick fix for this is the replacement of all the files in the admin area.

So DELETE all the files in the admin folder. Replace them with your site back up folder.

 

Change the name of your admin folder to say 'myadmin1234565'

 

Password protect the folder from linux

Change your log in password

This should stop any new attacks.

 

If your provider does not allow directory password protection then change your hosting provider. Like Taghosting.co.uk

 

Trevor

Link to comment
Share on other sites

  • 2 weeks later...

A. rename the admin directory

B. add .htaccess protection to the (renamed) admin directory as was necessary on the older versions of osC

Is it necessary to do both of these? (A) is security-through-obscurity, not foolproof. If I keep the admin tree as 'admin', but add password protection to it (so extra ID and password are needed), shouldn't that be enough? I'm trying to imagine anything a hacker could do to the admin tree from the outside, without having to give a password.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...