eveorgan

'Net Decrypter' Hack - Need a Permanent Security fix - please help..

My site was hacked by a 'Tunisian Algerian hacker' who goes by the name of the 'Net Decrypter'. After some investigation, it turns out the suspect file was an 'index.html' file - once we deleted this, the homepage of the site went back to normal and continued to function normally.

The problem is, every time we fix the problem, he hacks the site again - it just keeps happening. A long-term fix is needed - I'd really like to find out how to stop this from happening again and prevent him from doing this, as obviously it looks terrible if that's what people see when they log on to the site - a hack message.

Does anybody have any idea what I can do about this, or whether there are any add-ons/upgrades/newer versions of osCommerce that would help with this/some fix that I can implement in my current version that would prevent him from getting in? I'm using version 2.2.

 

Any replies or wisdom would be much appreciated. :)

 

Eve x

If the hacker is merely inserting an "index.html" file into your site (and the server search order picks it up ahead of "index.php"), there are a number of possibilities. He may be using your osC "File Manager" to plant files -- get rid of File Manager and Define Language per instructions. He may be into your Admin directory -- rename and password protect it per instructions. He may have spyware on your PC used to maintain the site, and knows your password as soon as you type it in. Do a spyware scan to rid your PC of keystroke loggers and password sniffers. Change all passwords (server access, FTP, osC admin account) regardless of whether you found anything. Your server may be suffering an intrusion at a higher level -- consult with your hosting company if you can't stop the attacks. If you have other applications on your server, they may be out of date and vulnerable to hackers -- update them (as well as osC) to the latest version.

 

If all he's doing is inserting "index.html", and you're on an Apache server, you might consider adding a line to your .htaccess file to tell it to look for "index.php" before "index.html":

DirectoryIndex index.php index.html index.htm

Also make sure you have

Options -Indexes

so that a hacker can't browse your image directories, etc., that don't have an index file.

Thanks so much everyone for the help - it's much appreciated. :) I have a few questions - MrPhil - where would I insert the "DirectoryIndex index.php index.html index.htm" in the .htaccess file? (On what line, etc.) - I know a little coding but I'm not an expert. :) Just wondering where I would need to insert it?

And same with the Options -Indexes - where does that go - in the same .htaccess file?

And finally - is anyone using version 3.x of osCommerce, and do you find that it helps with the security issues? I'm afraid that if I upgrade it, it may make everything worse. Just wondering if anyone's tried upgrading after being hacked, and how it worked for you.

Thanks again for the help so far, everyone. :-)

 

Eve x

P.S. I have been told by a tech-savvy friend that he thinks the hack was a 'javascript injection' hack - and that the hacker just used a form on my site to send some code that would create the index.html file. Don't know if that affects how I should go about this? I think MrPhil maybe you're right and I simply need to stop the system from paying attention to the index.html file. It would be nice if he couldn't get in and hack the site in the first place though! :(

 

x

You could insert the new lines anywhere in .htaccess, provided it's not in the middle of something else. For safety, add them at the very end of the file. That eliminates the possibility of breaking something else. Check that you don't already have some form of either command (DirectoryIndex or Options) in the file.

 

Don't even consider going to osC 3.0. It's only "alpha" level, and far from ready for a production store, especially for anyone who knows nothing about PHP.

 

"Javascript injection"? I suppose that's possible, but "MySQL injection" and "PHP injection" are far more common attacks. Be sure to do a search on this forum regarding "security", and follow the instructions for "hardening" your site against hackers.
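
Added example, not part of the original posts: a Python check that applies the advice above to an .htaccess file's text, appending the two directives at the very end only when no form of them is already present, and flagging existing ones that would still serve index.html first or allow directory listings. The function names and the sample file are constructed for illustration; it assumes one directive per line with no backslash continuations.

```python
# Directives recommended in the thread above.
WANTED = {
    "directoryindex": "DirectoryIndex index.php index.html index.htm",
    "options": "Options -Indexes",
}

def find_directives(text):
    """Map directive name -> [(line number, [lowercased args])], skipping comments."""
    found = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if parts and not parts[0].startswith("#") and parts[0].lower() in WANTED:
            found.setdefault(parts[0].lower(), []).append(
                (lineno, [a.lower() for a in parts[1:]]))
    return found

def is_risky(name, args):
    """True when an existing directive defeats the advice in the thread."""
    if name == "options":
        # Indexes, +Indexes or All turn directory listings on.
        return any(a in ("indexes", "+indexes", "all") for a in args)
    # DirectoryIndex: index.php must come before any index.htm(l).
    for a in args:
        if a == "index.php":
            return False
        if a in ("index.html", "index.htm"):
            return True
    return True  # index.php is not listed at all

def harden(text):
    """Return (new_text, warnings). Missing directives are appended at the
    very end; existing ones are never duplicated, only reported."""
    found, warnings, extra = find_directives(text), [], []
    for name, line in WANTED.items():
        if name not in found:
            extra.append(line)
        for lineno, args in found.get(name, []):
            if is_risky(name, args):
                warnings.append(f"line {lineno}: review existing {name} directive")
    if extra:
        base = text if text.endswith("\n") or not text else text + "\n"
        text = base + "\n".join(extra) + "\n"
    return text, warnings

# Constructed sample input, not taken from any real site.
SAMPLE = "# osCommerce catalog\nDirectoryIndex index.html index.php\n"

if __name__ == "__main__":
    print(*harden(SAMPLE), sep="\n")
```

A warning means the existing line should be edited by hand rather than adding a second, competing directive.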
