Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Database reload after hack?


Banana Man

Recommended Posts

Hi,

 

My 2.2rc2a site was hacked yesterday. The only damage i can see is that the index.html file has been changed. Also, 2 files were uploaded called r61.php and gh.php to my root folder. I am going to re-upload my local version of the site and follow the guidlines i have since found for protecting against these things in future.

 

I have a problem with the database though as my last backup is 5 months old. Is it necessary to delete the database and re-upload this aswell? I presume it is but was just hoping it wouldnt be the case. The hack was traced back to a general Broadband provider in Turkey so im presuming it was just some fool doing it for the fun.

 

Thanks

Link to comment
Share on other sites

Hi,

 

My 2.2rc2a site was hacked yesterday. The only damage i can see is that the index.html file has been changed. Also, 2 files were uploaded called r61.php and gh.php to my root folder. I am going to re-upload my local version of the site and follow the guidlines i have since found for protecting against these things in future.

 

I have a problem with the database though as my last backup is 5 months old. Is it necessary to delete the database and re-upload this aswell? I presume it is but was just hoping it wouldnt be the case. The hack was traced back to a general Broadband provider in Turkey so im presuming it was just some fool doing it for the fun.

 

Thanks

Usually databases are not affected. If the intent was to steal names, addresses, credit card details, etc. then the database was most likely read, but nothing is usually written to it.

 

If everything works after you reinstall your files then do some spot checking of data and watch it close for a week.

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Link to comment
Share on other sites

Hi,

 

My 2.2rc2a site was hacked yesterday. The only damage i can see is that the index.html file has been changed. Also, 2 files were uploaded called r61.php and gh.php to my root folder. I am going to re-upload my local version of the site and follow the guidlines i have since found for protecting against these things in future.

 

I have a problem with the database though as my last backup is 5 months old. Is it necessary to delete the database and re-upload this aswell? I presume it is but was just hoping it wouldnt be the case. The hack was traced back to a general Broadband provider in Turkey so im presuming it was just some fool doing it for the fun.

 

Thanks

 

thousands of nl oscommerce linux sites have been targeted on march 19

http://zone-h.org/archive/notifier=GHoST61

Link to comment
Share on other sites

In addition to what Mark said, Although the database was not likely compromised, you should still change the database name and password and then update the 2 configure files to reflect those changes........just in case.

 

 

Chris

Link to comment
Share on other sites

To be even more secure delete all the administrators and set them up again with new user names and passwords.

 

G

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...