
Hacking tool found?


Peper


Going through error log and found:

[error] [client 78.129.9.54] File does not exist: /home/----/public_html/shop/diaa.php, referer: http://www.rajabraci...galz_edited.php

 

I followed the link and it sure is suspicious after I g00gled diaa.php

 

This log shows that they are trying to access a file which doesn't exist on your server. I personally recommend scanning your store files for the presence of encoded code and files which you have never uploaded, and using antivirus software to scan the PHP files.

Please read this line: Do you want to find all the answers to your questions? click here. As for contribution database it's located here!

8 people out of 10 don't bother to read installation manuals. I can recommend: if you can't read the installation manual, don't bother to install any contribution yourself.

Before installing a contribution or editing/updating/deleting any files, do a full backup; it will save you & everyone here on the forum time fixing your issues.

Any issues with oscommerce, I am here to help you.


  • 2 weeks later...

This log shows that they are trying to access a file which doesn't exist on your server. I personally recommend scanning your store files for the presence of encoded code and files which you have never uploaded, and using antivirus software to scan the PHP files.

 

It seems to have something to do with filemanager.

The hacker managed to upload a phishing file and extract it in the root of osCommerce.

 

xxxxxxx - - [12/Sep/2010:16:36:02 -0600] "POST /admin/file_manager.php/login.php?action=save HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

xxxxxxx - - [12/Sep/2010:16:38:23 -0600] "GET /halt.php HTTP/1.1" 200 440 "http://dataglobal.cl/galz_edited.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.12) Gecko/20100824 Firefox/3.5.12 (.NET CLR 3.5.30729) WebMoney Advisor"

xxxxxxx - - [12/Sep/2010:16:38:25 -0600] "GET /favicon.ico HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.12) Gecko/20100824 Firefox/3.5.12 (.NET CLR 3.5.30729) WebMoney Advisor"

xxxxxxx - - [12/Sep/2010:16:38:51 -0600] "GET /halt.php HTTP/1.1" 200 440 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.12) Gecko/20100824 Firefox/3.5.12 (.NET CLR 3.5.30729) WebMoney Advisor"

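The access-log pattern in the post above (a request to an admin script with a second script name appended, followed by a PHP file served from the web root) can be searched for mechanically. The following is an added example, not code from the thread or from osCommerce; it assumes the Apache combined log format, the default `/admin/` directory, chronologically ordered lines, and a hypothetical `KNOWN` list of root-level files you deployed yourself.

```python
import re
from datetime import datetime, timedelta

# Apache combined log: host ident user [time] "METHOD url proto" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Admin script with a second script name appended as path info,
# e.g. /admin/file_manager.php/login.php (assumes the default /admin/ directory).
ADMIN_PATHINFO = re.compile(r'^/admin/[^/?]+\.php/[^?]*\.php(\?|$)', re.I)
# PHP file requested directly from the web root, e.g. /halt.php
ROOT_PHP = re.compile(r'^/[^/?]+\.php(\?|$)', re.I)

def parse(line):
    m = LINE.match(line)
    if not m:
        return None  # not a combined-format line
    host, ts, method, url, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return {"host": host, "time": when, "method": method,
            "url": url, "status": int(status)}

def triage(lines, known_root_php=(), window=timedelta(minutes=30)):
    """Scan chronologically ordered lines. Returns (admin_hits, dropped):
    path-info requests to admin scripts, and root-level PHP files that are
    not in known_root_php but were served with 200 within `window` of one."""
    admin_hits, dropped, last_hit = [], [], None
    for rec in filter(None, map(parse, lines)):
        path = rec["url"].split("?", 1)[0]
        if ADMIN_PATHINFO.match(rec["url"]):
            admin_hits.append(rec)
            last_hit = rec["time"]
        elif (last_hit and rec["status"] == 200 and ROOT_PHP.match(rec["url"])
              and path not in known_root_php
              and rec["time"] - last_hit <= window):
            dropped.append(rec)
    return admin_hits, dropped

# Constructed sample modelled on the entries above; client addresses are placeholders.
SAMPLE = [
    '203.0.113.7 - - [12/Sep/2010:16:36:02 -0600] "POST /admin/file_manager.php/login.php?action=save HTTP/1.1" 302 - "-" "Mozilla/4.0"',
    '203.0.113.7 - - [12/Sep/2010:16:38:23 -0600] "GET /halt.php HTTP/1.1" 200 440 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Sep/2010:16:38:25 -0600] "GET /favicon.ico HTTP/1.1" 200 - "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Sep/2010:16:39:10 -0600] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]
KNOWN = {"/index.php", "/product_info.php"}  # files you deployed yourself

if __name__ == "__main__":
    hits, dropped = triage(SAMPLE, KNOWN)
    for r in hits + dropped:
        print(r["time"].isoformat(), r["host"], r["method"], r["url"], r["status"])
```

Any file reported in the second list should be compared against a clean copy of the store before it is trusted or deleted.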

  • 2 weeks later...

I'm running 2 osCommerce sites and this query came up with both

 

Can someone suggest .htaccess changes to block such files?

I have installed a bad conduct addon which adds their IP to the list; can we do this for specific file requests as well?

 

Please post and keep our sites safe

Getting the Phoenix off the ground


I'm running 2 osCommerce sites and this query came up with both

 

Can someone suggest .htaccess changes to block such files?

I have installed a bad conduct addon which adds their IP to the list; can we do this for specific file requests as well?

 

Please post and keep our sites safe

In the security forum (this one?), read the pinned topic "How to secure my site."

 

All of the very necessary recommendations for securing your site, including what to do to prevent this, are contained in that topic.

 

The link is in my signature...

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?


Archived

This topic is now archived and is closed to further replies.
