
Help I have been hacked


morelakw


I need some help. My host company has informed me that our website has been hacked. Every time they load our site onto the server, the server does a crash and burn. It shuts everything down. The host company thinks that there is some malicious code somewhere in our code that we need to look for. Is there any good place to start looking, with thousands of pages of code to look through? I've read many comments on different hacks on here for specific hacks. Has anyone had any experience with a host server crashing? Where to look? Ideas? Thoughts? Thank you in advance.

 

Kyle


If your site is indeed crashing the server then I can't blame your host. However .. it would have been extremely simple for them to view the logs and point out to you where and how the crash is occurring in relation to your files rather than just shutting you down without a jot of help.


I do not blame them for shutting us down. I understand that. Not to seem like a complete moron here, but what types of logs should I be requesting? Obviously security logs or logs that show site changes that have occurred during the previous 48 to 72 hours? Suggestions on where to go from here would be appreciated. Obviously I am learning as I go right now. Thank you.


I wasn't really alluding to the logs that you had available to you ( although you should obviously look at them ) your comment stated: -

 

Every time they load our site onto the server, the server does a crash and burn.

 

So these hosts, whoever they are, have tried a number of times to "load" the sites but the server crashes. If we assume these hosts are server specialists ( and ofc they should be ) then they should know exactly how the server crashed and the route to it happening.


They were quite vague as to the server crashing. All I know is every time our site was loaded onto the server, the server would crash and burn. They were no more informative than that. Sounds like I need a lot of information from them first thing Monday morning. Thank you. Anything else I should be aware of come Monday morning when I speak with them again? I appreciate your assistance.


Would the logs still be available since we are on a shared server? We are also on a shared host with our site. Would it be better for our osCommerce site to be on a dedicated server?


Rogue code infecting an osC site is usually obfuscated PHP that looks like the code described here

 

And is normally at the top or bottom of the PHP source.

 

HTH.

:)

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >


germ,

 

I've been running code compare on several php files and have not found a thing that looks malicious, also there aren't any obscure php files anywhere that I could see. Are there any typical php files that hackers will input code into?


Usually the index.php or any of the "requires" or "includes" found in it.

 

But once site security has been compromised ALL files are guilty until proven innocent by careful inspection (IMHO).

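The triage described in the posts above (obfuscated PHP normally at the top or bottom of a file, starting with index.php and whatever it requires or includes, then every other file), as an added Python example that is not part of the thread or of osCommerce. The marker list, the five-line edge window and the function names are assumptions, and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumed markers (not from the thread): constructs typical of obfuscated PHP.
MARKERS = re.compile(r"eval\s*\(|base64_decode\s*\(|gzinflate\s*\(|str_rot13\s*\("
                     r"|[A-Za-z0-9+/=]{200,}")
# Only literal include paths are followed, resolved against the site root (assumption).
INCLUDE = re.compile(r"\b(?:require|include)(?:_once)?\s*\(?\s*['\"]([^'\"]+)['\"]")


def edge_hits(text, edge=5):
    """Return [(line_number, marker)] found in the first and last `edge` lines."""
    lines = text.splitlines()
    idx = set(range(min(edge, len(lines)))) | set(range(max(0, len(lines) - edge), len(lines)))
    found = ((i + 1, MARKERS.search(lines[i])) for i in sorted(idx))
    return [(n, m.group(0)[:16]) for n, m in found if m]


def scan(root, entry="index.php"):
    """Check the entry file and its includes first, then every other .php file."""
    root = Path(root).resolve()
    queue, seen, report = [root / entry], set(), []
    while queue:
        path = queue.pop(0).resolve()
        if path not in seen and path.is_file() and root in path.parents:
            text = path.read_text(errors="replace")
            hits = edge_hits(text)
            if hits:
                report.append((path.relative_to(root).as_posix(), hits))
            queue.extend(root / inc for inc in INCLUDE.findall(text))
        seen.add(path)
        if not queue:  # include chain exhausted: all remaining files are still suspect
            queue = [p for p in sorted(root.rglob("*.php")) if p.resolve() not in seen]
    return report


def demo():
    """Scan a small constructed tree (sample files, not real osCommerce code)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "includes").mkdir()
        (root / "index.php").write_text("<?php\nrequire('includes/top.php');\necho 1;\n")
        (root / "includes/top.php").write_text(
            "<?php eval(base64_decode('ZWNobyAxOw=='));\n" + "// filler\n" * 20)
        (root / "contact.php").write_text("<?php\n" + "// filler\n" * 20 + "echo gzinflate($x);\n")
        return scan(root)
```

A file missing from the report is not cleared by this: only the file edges are checked, and only for the listed constructs, so it orders the manual inspection rather than replacing it.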


I'm more than halfway through my entire site, and still have yet to find anything. I appreciate all of the help. I will continue to dig.


Archived

This topic is now archived and is closed to further replies.
