Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

TROJAN IN ADDON


turbo5speed

Recommended Posts

This is a transcript of an email i sent to the oscommerce folks:

 

Hi.

 

I recently downloaded and installed an addon that put a snowing effect in oscommerce stores.

 

The addon installs a trojan in /catalog/includes/languages/*your language*/privacy.php. Delete that file and replace it by the original privacy.php

 

Also, changes the permissions for the configure.php files to 444. You will have to set it to 744 to change it back to its original state.

 

Further, it changes the database server address and installs a spam bot in: /catalog/images/default/Christmas/worth.php - REMOVE THIS FILE!!

 

Your store becomes a spamming machine. I realized this when i was contacted by my hosting company.

 

One of the things this trojan did was to delete all the images of my products and thats why i have BACKUPS!!!!

 

Adding a script to index.php is part of the installation process - DO NOT INSTALL THIS SCRIPT!

 

The addon is called "Snow in your site". This is the link: http://addons.oscommerce.com/info/6395

 

Please delete this addon and notify the oscommerce community. You might want to think about checking the person that contributed with this addon.

 

It gave me a pain in the ass i can tell you.

 

Thank you.

 

José Almeida

 

P.S. If you want any help with this please let me know

 

P.S.2 I just realized that it also deleted my database backups.

Edited by turbo5speed
Link to comment
Share on other sites

I looked at all the available versions of this addon and I see no malicous code in any of them.

:huh:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Jose,

 

More than likely, your site was already compromised before adding the contribution. The hacker MAY have taken advantage of the contribution files after you installed it, but the download from this site is CLEAN. I found nothing to indicate anything malicious.

 

 

 

Chris

Link to comment
Share on other sites

Jose,

 

More than likely, your site was already compromised before adding the contribution. The hacker MAY have taken advantage of the contribution files after you installed it, but the download from this site is CLEAN. I found nothing to indicate anything malicious.

 

 

 

Chris

 

Is there any way of removing my site from the live stores list here in the forum?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...