Archived

This topic is now archived and is closed to further replies.

talbot649

Spam Emails Being Sent

Did you perform all the necessary actions prior to the hack or after?

After the hack (sorry if that wasn't clear). One of our customers contacted me about the spam, and, when I started receiving it myself, I did some investigating and found this thread.


Check out Chad's News.

After the hack (sorry if that wasn't clear). One of our customers contacted me about the spam, and, when I started receiving it myself, I did some investigating and found this thread.

Then I assume you have deleted the rogue user and password protected the admin directory after you renamed it, installed and ran site monitor, and looked for php files not a part of the original osc, in particular php files in image directories?

How are things looking for you now?


Community Bootstrap Edition, Edge

Avoid the most asked question. See How to Secure My Site and How do I...?
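
The check asked about above (PHP files that are not part of the original osCommerce release, in particular PHP files in image directories) can be scripted. This is an added example, not part of the original post and not osCommerce code: it assumes a clean copy of the same release is unpacked next to a copy of the live site, and the files created in `demo()` are constructed sample data.

```python
import hashlib
import os
import tempfile

SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml"}

def manifest(root):
    """Map each file's relative path to its SHA-256 digest."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                out[rel] = hashlib.sha256(fh.read()).hexdigest()
    return out

def is_script(rel):
    # Check every dotted part of the name, so "logo.php.jpg" is reported too.
    return any(p in SCRIPT_EXTS for p in rel.rsplit("/", 1)[-1].lower().split(".")[1:])

def audit(live_root, clean_root):
    """Compare the live catalog with a clean copy of the same release."""
    live, clean = manifest(live_root), manifest(clean_root)
    return {
        "added": sorted(p for p in live if p not in clean and is_script(p)),
        "modified": sorted(p for p in live if p in clean and live[p] != clean[p]),
        "scripts_in_images": sorted(
            p for p in live if is_script(p) and "images" in p.split("/")[:-1]),
    }

def demo():
    """Run the audit on a small constructed tree (sample data, not a real shop)."""
    def write(root, rel, data):
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(data)
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = os.path.join(tmp, "clean"), os.path.join(tmp, "live")
        for root in (clean, live):
            write(root, "index.php", "<?php // storefront\n")
            write(root, "includes/application_top.php", "<?php // original\n")
            write(root, "images/logo.gif", "GIF89a")
        write(live, "includes/application_top.php", "<?php // original + extra line\n")
        write(live, "images/banner.php", "<?php // not in the release\n")
        write(live, "images/products/photo.php.jpg", "<?php // double extension\n")
        return audit(live, clean)

if __name__ == "__main__":
    print(demo())
```

On a real shop, `includes/configure.php` and any installed contributions will legitimately show up as modified or added, so review each hit rather than deleting automatically.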


Hello,

I’ll try writing again. My first attempt ended in timeout and 4 spam messages. Sorry for that.

My site was also hacked during Christmas with the result of spam being sent to customers. I deleted the content and uploaded a clean backup of my site. I applied all of the security patches given in this and another thread but I'm still a bit nervous of not being safe.

When I look at 'Who's online' I see an IP that's been online for several hours. When I update it changes IP. It continues to change IP about every 2 min. Most of the IPs come from different Polish ISPs. I installed iptrap but since this person changes IP all the time it's a full-time job to ban 'em. Anyone have suggestions what this can be about?

/Jenny


The best protection is the following steps:

1) Rename the /admin/ folder to whatever you like, for example my_shop-admin_panel

2) If you are using the 2.2 RC1, you will need to fix the security issue:

http://github.com/osCommerce/oscommerce2/commit/569917f654edab2b07bf61ab8caf2764ba1457c4

3) Change the admin username and password


Please read this line: Do you want to find all the answers to your questions? click here. As for contribution database it's located here!

8 people out of 10 don't bother to read installation manuals. I can recommend: if you can't read the installation manual, don't bother to install any contribution yourself.

Before installing a contribution or editing/updating/deleting any files, do a full backup; it will save you & everyone here on the forum time fixing your issues.

Any issues with oscommerce, I am here to help you.


The admin folder is called something else. I've changed usernames and password, even my database password. I'm currently running: v2.2 RC2a. I just get worried when I see that someone's been on for several hours and it's not a bot. I just find it weird that this entry, that oscommerce 'Who's online' logs as the same, changes IP every other minute.


That's ok, we have not yet worked on your configure.php in your admin area.

If you are leaving town then do everyone a favor and backup your admin folder to your local drive and then delete it off the server. When you return we can fix it. This way the hacker will not be able to continue while you are away and not able to stop him.

Have a nice trip! :)

Ok

back in action

I see that my IP support have got my admin back connecting

but it's not working correctly

when I log in the admin does not show my customers and orders etc

when I sign up I do not get a welcome email sent to me etc

when I look at my backups it says

Error: Backup directory does not exist. Please set this in configure.php.

regards

Patrick


Oops, I had send email turned off

but still have a blank page when I log in and the backup has been lost

How do I reconfigure backup in config.php?

I see from others' queries that a complete migration to OSC 3 isn't advised yet

am putting security into practise now


I'm just wondering...I installed V3 this morning, so I haven't had time to get hacked, but I want to nip this in the bud, starting with disabling that "tell a friend" option. Secondly, I wonder if, since we all probably keep the directory names as we find them and the hackers know this, would it work if we renamed the home directory to something like QETWDJWNWE instead of CATALOG or OSCOMMERCE? And if we can do that, would it be feasible to do it AFTER installation or should we do it as part of the install?

Please don't hurt me. I'm new at this, and would rather be selling than programming.


I'm just wondering...I installed V3 this morning. I'm new at this, and would rather be selling than programming.

Quite probably you should post in the Version 3 section of the forum.

But, I don't think it will make much difference what you name the base folder. The hackers will find you anyway, just not as fast.



Quite probably you should post in the Version 3 section of the forum.

But, I don't think it will make much difference what you name the base folder. The hackers will find you anyway, just not as fast.

Yeah, you're right. I made the changes and it works the same way as before.

Another thing I was wondering; are any of the secure sites safe? Would it matter if I got a secure ssl certificate from one of the security organizations?

I mean credit card info could be mined in a heartbeat.

Besides, with all the trouble we seem to be having with either of these systems, maybe the best thing to do is just look for a better program. Every time I get one problem solved, here comes another one. Getting hacked would be an UPGRADE for me, because that would mean that at least I got the thing online long enough to GET hacked.


Would it matter if I got a secure ssl certificate from one of the security organizations?

No. SSL only encrypts data in transit between the browser and the server. It does nothing for stored data or preventing intrusions. At best it prevents someone from using a packet sniffer to learn your password.

I mean credit card info could be mined in a heartbeat.

Not if you do not store it.

besides, with all the trouble we seem to be having with either of these systems, maybe the best thing to do is just look for a better program. Every time I get one problem solved, here comes another one. Getting hacked would be an UPGRADE for me, because that would mean that at least I got the thing online long enough to GET hacked.

Everyone has different experiences with the program. Personally, I had it installed in a matter of minutes and never had a problem with it. I even went a couple of years with MS2 before I learned that I needed security updates. It is all about knowledge and your commitment to properly managing the web site.


I mean credit card info could be mined in a heartbeat.

Not if you do not store it.

This is PRECISELY why I encourage clients to use PayPal OFF SITE. I don't have any "large" clients, only small local businesses, and I caution all of them the same: if you NEVER HAVE a customer's credit card info -- a hacker can't steal information that has never existed. The only perfectly secure site is the site that doesn't exist. If you need to be online, be as safe as you can!

For small businesses that don't want to pay monthly gateway fees, particularly for unincorporated proprietors, keeping all payment info OFF SITE makes good LEGAL sense! The less "sensitive information" their site handles, the less liable they are if Something Bad [tm] happens.
