Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Possible hacks?


ogwinilo

Recommended Posts

I have installed the bubble store. After running Sitimonitor, i get the following files as possibly hacked:

 

Checked 223 directories containing a total of 1173 files. Skipped 851 files. 20 suspected hacked files found.

Hacked Files Found

power/fckeditor/fckeditor.afp

power/fckeditor/fckeditor.asp

power/fckeditor/fckeditor.cfc

power/fckeditor/fckeditor.cfm

power/fckeditor/fckeditor.js

power/fckeditor/fckeditor.lasso

power/fckeditor/fckeditor.pl

power/fckeditor/fckeditor.py

power/fckeditor/fckeditor_php4.php

power/fckeditor/fckeditor_php5.php

power/fckeditor/editor/fckdialog.html

power/fckeditor/editor/dialog/fck_docprops.html

power/fckeditor/editor/dialog/fck_flash.html

power/fckeditor/editor/dialog/fck_image.html

power/fckeditor/editor/dialog/fck_link.html

power/fckeditor/editor/dialog/fck_paste.html

power/fckeditor/editor/dialog/fck_spellerpages.html

power/fckeditor/editor/filemanager/connectors/test.html

power/fckeditor/editor/filemanager/connectors/uploadtest.html

power/fckeditor/editor/js/fckdebug.html

 

 

I don't believe they've been hacked, could there be an explanation for this?

 

 

 

Felix

Link to comment
Share on other sites

I have installed the bubble store. After running Sitimonitor, i get the following files as possibly hacked:

 

Checked 223 directories containing a total of 1173 files. Skipped 851 files. 20 suspected hacked files found.

Hacked Files Found

power/fckeditor/fckeditor.afp

power/fckeditor/fckeditor.asp

power/fckeditor/fckeditor.cfc

power/fckeditor/fckeditor.cfm

power/fckeditor/fckeditor.js

power/fckeditor/fckeditor.lasso

power/fckeditor/fckeditor.pl

power/fckeditor/fckeditor.py

power/fckeditor/fckeditor_php4.php

power/fckeditor/fckeditor_php5.php

power/fckeditor/editor/fckdialog.html

power/fckeditor/editor/dialog/fck_docprops.html

power/fckeditor/editor/dialog/fck_flash.html

power/fckeditor/editor/dialog/fck_image.html

power/fckeditor/editor/dialog/fck_link.html

power/fckeditor/editor/dialog/fck_paste.html

power/fckeditor/editor/dialog/fck_spellerpages.html

power/fckeditor/editor/filemanager/connectors/test.html

power/fckeditor/editor/filemanager/connectors/uploadtest.html

power/fckeditor/editor/js/fckdebug.html

 

 

I don't believe they've been hacked, could there be an explanation for this?

 

 

 

Felix

This text is straight from the site monitor mod:

It is important to realize that some such code is valid so found files are not necessarily infected files. But, if found, you should look more closely at them.

 

I don't use the editor you have, so I have no first hand knowledge about the files. I would assume that if they have not been changed from when you installed them, then they are not hacked.

 

Tim

Link to comment
Share on other sites

I had the Sitemonitor add on installed before the add on

Right, every time you add any file at all to your site you have to generate a new reference file, otherwise Site Monitor sees that as an intrusion, but reports it as an added file. Your post above is saying that Site Monitor is reporting suspicious code in those files. That could simply mean that fckeditor may have code in it that is commonly used by hacker for malicious things and Site Monitor is reporting it this way. Had you run Site Monitor immediately after adding fckeditor in you would have noted how site monitor handles those files.

 

Now, it is best for you to ask in the Site Monitor support thread. They will know there if fckeditor returns a false positive.

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Link to comment
Share on other sites

Right, every time you add any file at all to your site you have to generate a new reference file, otherwise Site Monitor sees that as an intrusion, but reports it as an added file. Your post above is saying that Site Monitor is reporting suspicious code in those files. That could simply mean that fckeditor may have code in it that is commonly used by hacker for malicious things and Site Monitor is reporting it this way. Had you run Site Monitor immediately after adding fckeditor in you would have noted how site monitor handles those files.

 

Now, it is best for you to ask in the Site Monitor support thread. They will know there if fckeditor returns a false positive.

 

 

Thanks Mark, will do

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...