constantly hacked by team mosta

[alwaysstressed]

hi

i have been hacked 4 times by this awful team. This time i have an intact database and i have uploaded the new index pages however there seems to be a loop that sends the link from index to store straight to mostas home page.

can anyone help me please??

thankyou

[burt]

Take a look at any redirect rules in your .htaccess file.

If that does not work, find someone to cleanse and lock-down your site.

[alwaysstressed]

hi

it was a duplicate post as i am working on 2 not 3. Thanks for your response i have it back online and i shall check the ht access file as you have suggessted. This is the second time he has hacked the same shop. apparently there is a vulnerability in oscommerce? will there be a patch at any time ?

thanks again for your reply

[burt]

Patches have been available for a very long time (years in fact). There is a security thread that you can follow. If you are unsure, then contact a forum member who is more than just a "mouth" and get professional help (obviously, expect to pay for it).

 

As an aside, and not aimed at you, but at all shop owners; I have noticed that once set up, most shop owners do not bother to keep on top of updates and other released code etc. It's something that needs to be addressed - but I'm not quite sure the right way to go about it. Any ideas? I can keep blogging, tweeting and posting about security until I am blue in the face, but very few people take notice so long as their shop is working ok.

 

Put bluntly, it's a matter of WHEN, not IF, you get hacked if you do not make security changes.

[andy_1984]

I have noticed that once set up, most shop owners do not bother to keep on top of updates and other released code etc. It's something that needs to be addressed - but I'm not quite sure the right way to go about it. Any ideas? I can keep blogging, tweeting and posting about security until I am blue in the face, but very few people take notice so long as their shop is working ok.

 

Put bluntly, it's a matter of WHEN, not IF, you get hacked if you do not make security changes.

 

some open source solutions for things like e commerce, cms, forums, etc etc have an auto update feature. just how you could do this with oscommerce because of contributions and modifications is beyond me though :(

 

big red flashy text that reads "security update available - instal NOWWWWWWWWWW!" would probably get them to click and update :D

 

also id hate to think that some store owners/coders are not putting in security updates so the customer has to get the origonal coder to fix it..... at a cost of course

[rselonke]

I have noticed that once set up, most shop owners do not bother to keep on top of updates and other released code etc. It's something that needs to be addressed - but I'm not quite sure the right way to go about it.

 

As a freelancer, who pays for the security updates. My clients are low-budget affairs, which most OSC owners seem to be, so don't have the budget for updates. I am not willing to work for free, but will be considered at fault if the site is hacked. Its a tough sell to some one to say that they might get hacked when they reply with "why did you recommend that system then?". A shame-faced "Hackers are smarter than me" never goes over well. :blush: :'(

 

r

[andy_1984]

As a freelancer, who pays for the security updates. My clients are low-budget affairs, which most OSC owners seem to be, so don't have the budget for updates. I am not willing to work for free, but will be considered at fault if the site is hacked. Its a tough sell to some one to say that they might get hacked when they reply with "why did you recommend that system then?". A shame-faced "Hackers are smarter than me" never goes over well. :blush: :'(

 

r

 

its not that they are smarter than you and its not because of oscommerce its because hackers, no matter what software, will try to hack ANYTHING. no software is exempt from a hacker. this is what i say