chadcloman Posted January 6, 2010 Share Posted January 6, 2010 Did you perform all the necessary actions prior to the hack or after? After the hack (sorry if that wasn't clear). One of our customers contacted me about the spam, and, when I started receiving it myself, I did some investigating and found this thread. Check out Chad's News. Link to comment Share on other sites More sharing options...
♥mdtaylorlrim Posted January 6, 2010 Share Posted January 6, 2010 After the hack (sorry if that wasn't clear). One of our customers contacted me about the spam, and, when I started receiving it myself, I did some investigating and found this thread. Then I assume you have deleted the rogue user and password protected the admin directory after you renamed it, installed and ran site monitor, and looked for php files not a part of the original osc, in particular php files in image directories? How are things looking for you now? Community Bootstrap Edition, Edge Avoid the most asked question. See How to Secure My Site and How do I...? Link to comment Share on other sites More sharing options...
jaynice Posted January 7, 2010 Share Posted January 7, 2010 I'm really sorry for the spam. There was a timeout error and suddenly all of these posts appeared. =/ Link to comment Share on other sites More sharing options...
jaynice Posted January 7, 2010 Share Posted January 7, 2010 Hello, I’ll try writing again. My first attempt ended in timeout and 4 spam messages. Sorry for that. My site was also hacked during christmas with the result of spam being sent to customers. I deleted the content and uploaded a clean backup of my site. I applied all of the security patches given in this and another thread but I’m still a bit nervous of not being safe. When I look at ’Who’s online’ I see an ip thats been online for several hours. When I update it changes ip. I continues to change ip about every 2 min. Most of the ip comes from different polish isp. I installed iptrap but since this person changes ip all the time it’s a fulltime job to ban ’em. Anyone have suggestions what this can be about? /Jenny Link to comment Share on other sites More sharing options...
web-project Posted January 7, 2010 Share Posted January 7, 2010 the best protection is the following steps: 1) rename the /admin/ folder to what ever like example my_shop-admin_panel 2) if you are using the 2.2 RC1, you will need to fix the security issue: http://github.com/osCommerce/oscommerce2/commit/569917f654edab2b07bf61ab8caf2764ba1457c4 3) change the admin username and password Please read this line: Do you want to find all the answers to your questions? click here. As for contribution database it's located here! 8 people out of 10 don't bother to read installation manuals. I can recommend: if you can't read the installation manual, don't bother to install any contribution yourself. Before installing contribution or editing/updating/deleting any files, do the full backup, it will save to you & everyone here on the forum time to fix your issues. Any issues with oscommerce, I am here to help you. Link to comment Share on other sites More sharing options...
jaynice Posted January 7, 2010 Share Posted January 7, 2010 The adminfolder is called something else. I've changed usernames and password, even my database password. I'm currently running: v2.2 RC2a. I just get worried when I see that someone's been on for several hours and its not a bot. I just find it weird that this entry, that oscommerce 'Who's online' logs as the same, changes ip every other minute. Link to comment Share on other sites More sharing options...
Patrick67 Posted January 19, 2010 Share Posted January 19, 2010 That's ok, we have not yet worked on your configure.php in your admin area. If you are leaving town then do everyone a favor and backup your admin folder to your local drive and then delete it off the server. When you return we can fix it. This way the hacker will not be able to continue while you are away and not able to stop him. Have a nice trip! :) Ok back in action I see that my IP support have got my admin back connecting but its not working correctly when i login the admin does not show my customers and orders etc when i sign up I do not get a welcome email sent to me etc whn i look at my backups it says Error: Backup directory does not exist. Please set this in configure.php. regards Patrick Link to comment Share on other sites More sharing options...
Patrick67 Posted January 19, 2010 Share Posted January 19, 2010 oops i had send email turned off but still have a blank page when i login and the backup has been lost how do i reconfigure backup in config.php? I see from others queries that a complete migration to OSC 3 isnt advised yet am putting security into practise now Link to comment Share on other sites More sharing options...
ifs Posted February 19, 2010 Share Posted February 19, 2010 I'm just wondering...I installed V3 this morning, so I haven't had time to get hacked, but I want to nip this in the bud, starting with disabling that "tell a friend" option. Secondly, I wonder if, since we all probably keep the directory names as we find them and the hackers know this, would it work if we renamed the home directory to something like QETWDJWNWE instead of CATALOG or OSCOMMERCE? And if we can do that, would it be feasible to do it AFTER installation or should we do it as part of the install? Please don't hurt me. I'm new at this, and would rather be selling than programming. Link to comment Share on other sites More sharing options...
♥mdtaylorlrim Posted February 19, 2010 Share Posted February 19, 2010 I'm just wondering...I installed V3 this morning. I'm new at this, and would rather be selling than programming. Quite probably you should post in the Version 3 section of the forum. But, I don't think it will make much difference what you name the base folder. The hackers will find you anyway, just not as fast. Community Bootstrap Edition, Edge Avoid the most asked question. See How to Secure My Site and How do I...? Link to comment Share on other sites More sharing options...
ifs Posted February 20, 2010 Share Posted February 20, 2010 Quite probably you should post in the Version 3 section of the forum. But, I don't think it will make much difference what you name the base folder. The hackers will find you anyway, just not as fast. Yeah, you're right. I made the changes and it works the same way as before. Another thing I was wondering; are any of the secure site safe? Would it matter if I got a secure ssl certificate from one of the security organizations? I mean credit card info could be mined in a heartbeat. besides, with all the trouble we seem to be having with either of these systems, maybe the best thing to do is just look for a better program. Every time I get one problem solved, here comes another one. Getting hacked would be an UPGRADE for me, because that would mean that at least I got the thing online long enough to GET hacked. Link to comment Share on other sites More sharing options...
♥mdtaylorlrim Posted February 20, 2010 Share Posted February 20, 2010 Would it matter if I got a secure ssl certificate from one of the security organizations? No. SSL only encrypts data in transit between the browser and the server. It does nothing for stored data or preventing intrusions. At best it prevents someone from using a packet sniffer to learn your password. I mean credit card info could be mined in a heartbeat. Not if you do not store it. besides, with all the trouble we seem to be having with either of these systems, maybe the best thing to do is just look for a better program. Every time I get one problem solved, here comes another one. Getting hacked would be an UPGRADE for me, because that would mean that at least I got the thing online long enough to GET hacked. Everyone has different experiences with the program. Personally, I had it installed in a matter of minutes and never had a problem with it. I even with a couple of years with MS2 before I learned that I needed security updates. It is all about knowledge and your commitment to properly managing the web site. Community Bootstrap Edition, Edge Avoid the most asked question. See How to Secure My Site and How do I...? Link to comment Share on other sites More sharing options...
hetmana Posted September 8, 2010 Share Posted September 8, 2010 I mean credit card info could be mined in a heartbeat. Not if you do not store it. This is PRECISELY why I encourage clients to use PayPal OFF SITE. I don't have any "large" clients, only small local businesses, and I caution all of them the same: if you NEVER HAVE a customer's credit card info -- a hacker can't steal information that has never existed. The only perfectly secure site is the site that doesn't exist. If you need to be online, be as safe as you can! For small businesses that don't want to pay monthly gateway fees, particularly for unincorporated proprietors, keeping all payment info OFF SITE makes good LEGAL sense! The less "sensitive information" their site handles, the less liable they are if Something Bad [tm] happens. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.