turbo5speed Posted December 1, 2010 (edited)

This is a transcript of an email I sent to the oscommerce folks:

Hi.

I recently downloaded and installed an addon that put a snowing effect in oscommerce stores. The addon installs a trojan in /catalog/includes/languages/*your language*/privacy.php. Delete that file and replace it by the original privacy.php

Also, it changes the permissions for the configure.php files to 444. You will have to set it to 744 to change it back to its original state.

Further, it changes the database server address and installs a spam bot in: /catalog/images/default/Christmas/worth.php - REMOVE THIS FILE!! Your store becomes a spamming machine. I realized this when I was contacted by my hosting company.

One of the things this trojan did was to delete all the images of my products and that's why I have BACKUPS!!!!

Adding a script to index.php is part of the installation process - DO NOT INSTALL THIS SCRIPT!

The addon is called "Snow in your site". This is the link: http://addons.oscommerce.com/info/6395

Please delete this addon and notify the oscommerce community. You might want to think about checking the person that contributed with this addon. It gave me a pain in the ass I can tell you.

Thank you.

José Almeida

P.S. If you want any help with this please let me know

P.S.2 I just realized that it also deleted my database backups.

Edited December 1, 2010 by turbo5speed

germ Posted December 1, 2010

I looked at all the available versions of this addon and I see no malicious code in any of them. :huh:

Guest Posted December 1, 2010

Jose,

More than likely, your site was already compromised before adding the contribution. The hacker MAY have taken advantage of the contribution files after you installed it, but the download from this site is CLEAN. I found nothing to indicate anything malicious.

Chris

turbo5speed (Author) Posted December 2, 2010

> Jose,
>
> More than likely, your site was already compromised before adding the contribution. The hacker MAY have taken advantage of the contribution files after you installed it, but the download from this site is CLEAN. I found nothing to indicate anything malicious.
>
> Chris

Is there any way of removing my site from the live stores list here in the forum?

Guest Posted December 2, 2010

Jose,

You will have to contact Harald about that.

Chris
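
An added example, not part of any post in this thread and not osCommerce code: a read-only audit that compares an installed catalog directory with a freshly unpacked copy of the same release, checking for the kinds of changes reported in the first post (a PHP file under images/, an altered language file, configure.php permissions). The function names, finding labels, the extra `.phtml`/`.php5` suffixes and the sample trees are assumptions constructed for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

PHP_SUFFIXES = {".php", ".phtml", ".php5"}

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit_catalog(installed, pristine):
    """Return (finding, relative path) pairs; `pristine` is a clean unpacked release."""
    installed, pristine = Path(installed), Path(pristine)
    findings = []
    for path in sorted(p for p in installed.rglob("*") if p.is_file()):
        rel = path.relative_to(installed)
        ref = pristine / rel
        is_php = path.suffix.lower() in PHP_SUFFIXES
        if path.name == "configure.php":
            # Site-specific content: check permissions rather than a hash.
            if stat.S_IMODE(path.stat().st_mode) & 0o022:
                findings.append(("config-writable", rel.as_posix()))
        elif is_php and rel.parts[0] == "images":
            findings.append(("php-in-images", rel.as_posix()))
        elif is_php and not ref.is_file():
            findings.append(("not-in-release", rel.as_posix()))
        elif is_php and digest(path) != digest(ref):
            findings.append(("modified", rel.as_posix()))
    return findings

def demo():
    """Audit two constructed sample trees (not real store files)."""
    root = Path(tempfile.mkdtemp())
    files = {
        "pristine/includes/languages/english/privacy.php": "<?php // stock text\n",
        "pristine/index.php": "<?php // stock index\n",
        "live/includes/languages/english/privacy.php": "<?php // altered\n",
        "live/index.php": "<?php // stock index\n",
        "live/images/default/Christmas/worth.php": "<?php // unexpected\n",
        "live/includes/configure.php": "<?php // site settings\n",
    }
    for name, body in files.items():
        target = root / name
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
    (root / "live/includes/configure.php").chmod(0o444)
    return audit_catalog(root / "live", root / "pristine")

if __name__ == "__main__":
    print(demo())
```

Run it against a copy of the live tree, with `pristine` unpacked from an archive obtained separately from the server being checked; files an addon legitimately adds show up as `not-in-release` and need a manual look.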