mcdeveloper
Posted February 24, 2010

We have been using osCommerce since 2003 and we haven't had such a problem before. A few days ago we found a hack script that allows anyone to do what they want on my server (checking/changing chmod of files, uploading files, etc.). We cleaned our server and checked the chmod of all our files, but we don't know how this guy put this script on our server. Does anyone know of any bugs that allow people to upload this kind of PHP script? The script was uploaded into the templates image folder. We noticed that the chmod of the folder had changed to 777, when it should be 755. Can anyone help us with this?

MrPhil
Posted February 24, 2010

Have you erased your file_manager.php?
Have you renamed the admin tree and password protected it?
Have you checked all your .php files for added code (often encoded by base64 or the like)?
Have you scanned your PC for spyware such as keystroke loggers and password sniffers?
Have you talked to your host about security measures they use?
Have you changed all passwords (site account, admin user, FTP, etc.)?
Have you searched for discussions here about security measures you should take?
Have you looked in your site access log for the IP address of whoever accesses your site control panel, and blocked them?

mcdeveloper
Posted February 24, 2010

Thanks for the reply.

Have you erased your file_manager.php? NO
Have you renamed the admin tree and password protected it? YES
Have you checked all your .php files for added code? MOST OF THEM
Have you scanned your PC for spyware such as keystroke loggers and password sniffers? YES
Have you talked to your host about security measures they use? YES
Have you changed all passwords (site account, admin user, FTP, etc.)? YES
Have you searched for discussions here about security measures you should take? YES
Have you looked in your site access log for the IP address of whoever accesses your site control panel, and blocked them? YES

spooks
Posted February 24, 2010

"Have you erased your file_manager.php? NO"

Very common hacking route, see details in the security forum.

PS: Phil forgot to ask if you have added any security, like Security Pro etc., detailed in the threads you say you read.

Sam

Remember, what you think I meant may not be what I thought I meant when I said it.

Contributions: Auto Backup your Database, Easy way; Multi Images with Fancy Pop-ups, Easy way; Products in columns with multi buy etc.; Disable any Category or Product, Easy way; Secure & Improve your account pages et al.

gioranus
Posted September 14, 2010

I had the exact same problem. Looking at my access log, the attempt to use file_manager.php was very clear. Thanks for this thread, it helped me.
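
Several of the checks discussed in this thread (PHP files sitting in image folders, folders left at 777, base64-encoded added code, and file_manager.php requests in the access log) can be scripted. The Python below is an added example, not code from any poster or from osCommerce; the obfuscation regex, the "combined" access log format and the function names are assumptions.

```python
import os
import re
import stat

# Assumption: a common obfuscation idiom, not an exhaustive signature list.
ENCODED_CODE = re.compile(rb"(eval|assert)\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)
PHP_EXT = (".php", ".php5", ".phtml")
# Assumption: Apache/nginx "combined" format; captures client IP and request path.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)')


def audit_webroot(root):
    """Return sorted (relative_path, reason) findings for a shop document root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # A folder at 777 (the thread expected 755) has the "other write" bit set.
        if stat.S_IMODE(os.stat(dirpath).st_mode) & stat.S_IWOTH:
            findings.append((rel_dir, "world-writable directory"))
        # Image folders should hold no executable scripts at all.
        in_images = any("image" in part for part in rel_dir.lower().split(os.sep))
        for name in filenames:
            if not name.lower().endswith(PHP_EXT):
                continue
            rel = os.path.join(rel_dir, name)
            if in_images:
                findings.append((rel, "PHP file in image folder"))
            with open(os.path.join(dirpath, name), "rb") as fh:
                if ENCODED_CODE.search(fh.read()):
                    findings.append((rel, "encoded code passed to eval"))
    return sorted(findings)


def file_manager_clients(log_lines):
    """Map client IP -> number of requests that touched file_manager.php."""
    hits = {}
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m and "file_manager.php" in m.group(2).lower():
            hits[m.group(1)] = hits.get(m.group(1), 0) + 1
    return hits


if __name__ == "__main__":
    import sys
    for path, reason in audit_webroot(sys.argv[1]):
        print(f"{reason}: {path}")
```

A clean result only means these particular patterns were not found; files changed after the intrusion still need comparing against a known-good copy of the shop.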
Archived
This topic is now archived and is closed to further replies.