osCommerce

The e-commerce.

Hacked - they upload files to our server


mcdeveloper

We have been using osCommerce since 2003 and we haven't had such a problem before. A few days ago we found a hack script that allows anyone to do what they want on my server (checking/changing chmod of files, uploading files, etc.). We cleaned our server and checked the chmod of all our files, but we don't know how this guy put this script on our server. Does anyone know of any bugs that allow people to upload this kind of PHP script? The script was uploaded into the templates image folder. We noticed that the chmod of the folder had changed to 777, which should be 755.

Can anyone help us with it?


Have you erased your file_manager.php? Have you renamed the admin tree and password protected it? Have you checked all your .php files for added code (often encoded by base64 or the like)? Have you scanned your PC for spyware such as keystroke loggers and password sniffers? Have you talked to your host about security measures they use? Have you changed all passwords (site account, admin user, FTP, etc.)? Have you searched for discussions here about security measures you should take? Have you looked in your site access log for the IP address of whoever accesses your site control panel, and blocked them?


Thanks for the reply.

Have you erased your file_manager.php? NO

Have you renamed the admin tree and password protected it? YES

Have you checked all your .php files for added code? MOST OF THEM

Have you scanned your PC for spyware such as keystroke loggers and password sniffers? YES

Have you talked to your host about security measures they use? YES

Have you changed all passwords (site account, admin user, FTP, etc.)? YES

Have you searched for discussions here about security measures you should take? YES

Have you looked in your site access log for the IP address of whoever accesses your site control panel, and blocked them? YES


Have you erased your file_manager.php? NO

Very common hacking route, see details in the security forum.

PS Phil forgot to ask you if you have added any security, like Security Pro etc. etc., detailed in the threads you say you read.

Sam

Remember, What you think I ment may not be what I thought I ment when I said it.

Contributions:

Auto Backup your Database, Easy way

Multi Images with Fancy Pop-ups, Easy way

Products in columns with multi buy etc etc

Disable any Category or Product, Easy way

Secure & Improve your account pages et al.

Archived

This topic is now archived and is closed to further replies.
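
The file checks suggested in the replies above (a leftover file_manager.php, PHP files with base64-encoded additions, scripts sitting in an image folder, a folder changed to 777) can be run over a copy of the site tree in one pass. This is an added example, not part of the original thread or of osCommerce; the folder names in `IMAGE_DIRS`, the regex heuristic and the demo tree are assumptions constructed for illustration.

```python
import os, re, stat, tempfile

# Heuristic (assumption): dynamic execution wrapped directly around a decoder call.
OBFUSCATED = re.compile(rb"(eval|assert)\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
PHP_EXT = (".php", ".phtml", ".php5")
IMAGE_DIRS = {"images", "image", "img"}  # assumed names of image/upload folders

def audit(root):
    """Return sorted (relative_path, reason) findings for the tree under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        if os.stat(dirpath).st_mode & stat.S_IWOTH:      # e.g. 777 instead of 755
            findings.append((rel_dir, "world-writable directory"))
        in_images = bool(IMAGE_DIRS & set(rel_dir.lower().split(os.sep)))
        for name in filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if name.lower() == "file_manager.php":
                findings.append((rel, "file_manager.php still present"))
            if not name.lower().endswith(PHP_EXT):
                continue
            if in_images:                                # scripts do not belong here
                findings.append((rel, "PHP file in image folder"))
            with open(os.path.join(root, rel), "rb") as fh:
                if OBFUSCATED.search(fh.read()):
                    findings.append((rel, "eval of decoded data"))
    return sorted(findings)

def build_demo_tree(root):
    """Constructed sample tree: one clean page, one planted script, one 777 folder."""
    for d, mode in (("admin", 0o755), ("templates", 0o755), (os.path.join("templates", "images"), 0o777)):
        os.makedirs(os.path.join(root, d), exist_ok=True)
        os.chmod(os.path.join(root, d), mode)            # explicit, independent of umask
    samples = {
        "index.php": b"<?php echo 'shop'; ?>",
        os.path.join("admin", "file_manager.php"): b"<?php /* stock admin tool */ ?>",
        os.path.join("templates", "images", "logo.php"): b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        for path, reason in audit(tmp):
            print(f"{reason:32} {path}")
```

A clean result from a pattern scan like this does not show that a file is unmodified; comparing each file against a known-good copy of the same release covers changes the regex misses.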