Kelleren - Posted December 14, 2010

Okay.. I'm just about to sit down and cry. Every day for more than a week now I've been hacked. I'm writing here to share and hopefully get some input and help. I am more than willing to pay for help - this website is my sole source of income and has grown to be a medium sized company with a real life store connected to it and more.

...It all started with my site posting a security warning regarding some forwarding to a malware site. I cleaned up all index.php files on the server which had an iframe code in them. I changed all passwords etc. A few days passed and every morning the site was down with the same error - the header_tags.php file was missing (deleted) in my includes/functions folder and some days there was a new file called _html_output.php (with a _ in front). Some days I can fix it by just copying over a backup of the header_tags.php - one day though there were more errors and I had to copy the entire backup.

After the first attempt I started increasing security - I renamed my admin, added .htaccess files to the admin as well as images folder and includes - I checked permissions. Hack happened again next day - same thing - header_tags.php removed from functions. Every day since the hack I've run sites that test if the site is clean - they all flag me as green.

Next day I moved every single installation away from the server except for the oscommerce folder to exclude the option of people getting in elsewhere. I also again changed all passwords. I was hacked again, this was yesterday. I then got a hold of a programmer from this forum, during the evening he's been helping me install the 5 security addons from the thread on these forums - the only one missing which will be up today is sitemonitor. We installed all those and he did a quick manual sweep and was unable to find anything.

The security was on during the night (except for sitemonitor) and yet again this morning - same thing - header_tags.php deleted and the site was down. I contacted my host for the 10th time - he checked the ftp logs and informed me that no one had gained entry through the ftp (at least from what he could see) apart from me and the programmer.

I haven't been able to sleep much - I wake up several times during the night and check the website to see if it's up - and that has helped me narrow down the time of the attack. Today the attack happened between 08.48 and 09.30 GMT+1 - yesterday I checked at around 09.00 no problems and then the site was down at 09.59. So it seems the attack happens at pretty much the same time - always deleting the same file.

This is quite far beyond my understanding of programming - hopefully sitemonitor will be up today to give me an understanding of what is going on. If anyone at all has any questions, advice or the skills to help I will gladly pay hourly fees - this is the worst thing that has happened in many years.

I should add that my version of OSC is osCommerce 2.2-MS2 - upgrading all is a problem as I have many installed addons - however if I can upgrade some single files and close the hole that would be a start. I would also like to get some help finding a program that can search through my files on the site - I haven't been able to search for string except manually going through all files and I don't really know what to look for.

Frustrated and broken..

♥toyicebear - Posted December 14, 2010

I know this is not what you want to hear.... But my suggestion is to make a brand new site from scratch using osCommerce 2.31 and then import in products, orders and customers from the old site.

Kelleren (Author) - Posted December 14, 2010

I am seriously considering that. Problem is that I'm in the middle of December, most important month of the year - and I have so many custom modules installed it will take a lot of time and cost me quite a lot to get them all moved and installed on the new site. For now I hope I can find some help here.

Michael

♥toyicebear - Posted December 14, 2010

Well, the most common hack problems seem to be due to one of these:

1. File/Folder permissions
2. Hacker uses one of these admin files to add in code: file_manager.php or define_languages.php

Fixes:

1. Make sure the permissions are set correctly, find a hosting which allows securer file/folder settings and in "extreme" hacker prone cases you can make all un-writable and then just make the needed ones "writable" just when you need them, for instance the images folder which only needs to be writable when you add a new product.
2. Rename the admin folder, add in a .htaccess password in addition to the ordinary admin login and delete these 2 admin files: file_manager.php and define_languages.php.

burt - Posted December 14, 2010

"he did a quick manual sweep"

Not good enough. EVERY file needs to be looked at LINE by LINE.

Kelleren (Author) - Posted December 14, 2010

> "he did a quick manual sweep"
> Not good enough. EVERY file needs to be looked at LINE by LINE.

I agree - I will find someone to do so once all the 5 security modules have been installed. I have already fixed permissions & deleted those files - did that day 1! Thanks for the help so far.

Michael

Kelleren (Author) - Posted December 15, 2010

It happened again today - even after we took even more steps to secure - I think the site is about as safe now as it gets. I was watching the time as it has been happening in the same time frame. At 09.27am the file header_tags.php was removed from the folder - and the error message

    Warning: require_once(includes/functions/header_tags.php): failed to open stream: No such file or directory in /path_to/includes/header_tags.php on line 14
    Fatal error: require_once(): Failed opening required 'includes/functions/header_tags.php' (include_path='.:/path_to/php/') in /path_to/includes/header_tags.php on line 14

was shown. I quickly reuploaded the file and as the logs show the site was back up 30 seconds later. 4 minutes later, at 09.32, a new file was created in the functions folder named "gw_replace_file.php" - it had exactly the same size and apparently contents as the backed-up header_tags.php that I just copied to the site.

Again I spoke with the host and they told me no one had accessed the ftp but me and my programmers during that timeslot. I'm absolutely mind-boggled with this - we keep securing and this keeps happening - at apparently the exact same time every day. This new gw_replace_file.php has not been there before and nothing shows up when I search Google for the filename.

As before I am more than willing to pay for any help from people knowledgeable about a situation like this.

Michael

Xpajun - Posted December 15, 2010

> It happened again today - even after we took even more steps to secure - I think the site is about as safe now as it gets.

Errr.... Might be safe from the outside but it's definitely not from the inside - the horse is gone, you're left with the Trojans...

You need to get rid of every single file that you have on your website in one go - if you have a clean back up then close your store for 2 or 3 hours and back up - don't take short cuts - delete everything and reinstall your clean back up then change your user-name and password on your database. If that doesn't work then you need to install the latest version - even without all the add-ons it has to be better than what you have at the moment.

I understand you need the Christmas business but weigh up how much business you'll lose in your quiet 4 hours against how much business you'll lose if you get a "Warning, reported attack site" show up on your url...

Kelleren (Author) - Posted December 15, 2010

In principle I agree completely. If I had a feeling that I would be risking the customers' data I would close and reinstall. However it all strikes me as odd - no sites report me as malicious, and all that happens is at the clock every day this file is deleted (well and today that new identical file was created).

This is the header_tags.php file that keeps getting deleted - if anyone can see a reason why please let me know - it's located in includes/functions

<?php
/*
  $Id: header_tags.php,v 1.6 2007/01/10 by Jack_mcs - http://www.oscommerce-solution.com

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2003 osCommerce
  Portions Copyright 2009 oscommerce-solution.com

  Released under the GNU General Public License
*/

////
//used to add new pages without adding a lot of code
function tep_header_tag_page($file) {
  global $tmpTags, $languages_id;

  $header_tags_array = array();
  $sortOrder = array();

  $pageTags_query = tep_db_query("select * from " . TABLE_HEADERTAGS . " where page_name like '" . $file . "' and language_id = '" . (int)$languages_id . "'");
  $pageTags = tep_db_fetch_array($pageTags_query);

  if ($pageTags['append_root']) {
    $sortOrder['title'][$pageTags['sortorder_root']] = $pageTags['page_title'];
    $sortOrder['description'][$pageTags['sortorder_root']] = $pageTags['page_description'];
    $sortOrder['keywords'][$pageTags['sortorder_root']] = $pageTags['page_keywords'];
    $sortOrder['logo'][$pageTags['sortorder_root']] = $pageTags['page_logo'];
    $sortOrder['logo_1'][$pageTags['sortorder_root_1']] = $pageTags['page_logo_1'];
    $sortOrder['logo_2'][$pageTags['sortorder_root_2']] = $pageTags['page_logo_2'];
    $sortOrder['logo_3'][$pageTags['sortorder_root_3']] = $pageTags['page_logo_3'];
    $sortOrder['logo_4'][$pageTags['sortorder_root_4']] = $pageTags['page_logo_4'];
  }

  if ($pageTags['append_default_title'] && tep_not_null($tmpTags['def_title']))
    $sortOrder['title'][$pageTags['sortorder_title']] = $tmpTags['def_title'];
  if ($pageTags['append_default_description'] && tep_not_null($tmpTags['def_desc']))
    $sortOrder['description'][$pageTags['sortorder_description']] = $tmpTags['def_desc'];
  if ($pageTags['append_default_keywords'] && tep_not_null($tmpTags['def_keywords']))
    $sortOrder['keywords'][$pageTags['sortorder_keywords']] = $tmpTags['def_keywords'];
  if ($pageTags['append_default_logo'] && tep_not_null($tmpTags['def_logo_text']))
    $sortOrder['logo'][$pageTags['sortorder_logo']] = $tmpTags['def_logo_text'];

  FillHeaderTagsArray($header_tags_array, $sortOrder);

  //if nothing else is set, force the page name and default settings, if present
  $path_parts = pathinfo($_SERVER['PHP_SELF']);
  $pageName = substr($path_parts['basename'], 0,strpos($path_parts['basename'],'.')) . ' ';
  $pageName = ucwords(preg_replace("/[^A-Za-z0-9]/", " ", $pageName));

  if (! tep_not_null($header_tags_array['title']))
    $header_tags_array['title'] = $pageName . (tep_not_null($tmpTags['def_title']) ? HEADER_TAGS_SEPARATOR_DESCRIPTION . ' ' . $tmpTags['def_title'] : '');
  if (! tep_not_null($header_tags_array['description']))
    $header_tags_array['description'] = $pageName . (tep_not_null($tmpTags['def_desc']) ? HEADER_TAGS_SEPARATOR_DESCRIPTION . ' ' . $tmpTags['def_desc'] : '');
  if (! tep_not_null($header_tags_array['keywords']))
    $header_tags_array['keywords'] = $pageName . (tep_not_null($tmpTags['def_keywords']) ? HEADER_TAGS_SEPARATOR_KEYWORD . ' ' . $tmpTags['def_keywords'] : '');
  if (! tep_not_null($header_tags_array['logo']))
    $header_tags_array['logo'] = $pageName . (tep_not_null($tmpTags['def_logo_text']) ? HEADER_TAGS_SEPARATOR_DESCRIPTION . ' ' . $tmpTags['def_logo_text'] : '');

  return $header_tags_array;
}

function FillHeaderTagsArray(&$header_tags_array, $sortOrder) {
  if (count($sortOrder) == 0)
    return;

  $sortOrder = MultiKeySort($sortOrder);

  if (isset($sortOrder['title']))
    $header_tags_array['title'] = ltrim(tep_db_prepare_input(implode(' ' . HEADER_TAGS_SEPARATOR_DESCRIPTION . ' ', $sortOrder['title'])), ' ' . HEADER_TAGS_SEPARATOR_DESCRIPTION);
  if (isset($sortOrder['description']))
    $header_tags_array['desc'] = ltrim(tep_db_prepare_input(implode(' ' . HEADER_TAGS_SEPARATOR_DESCRIPTION . ' ', $sortOrder['description'])), ' ' . HEADER_TAGS_SEPARATOR_DESCRIPTION);
  if (isset($sortOrder['keywords']))
    $header_tags_array['keywords'] = ltrim(tep_db_prepare_input(implode(' ' . HEADER_TAGS_SEPARATOR_KEYWORD . ' ', $sortOrder['keywords'])), ' ' . HEADER_TAGS_SEPARATOR_KEYWORD);
  if (isset($sortOrder['logo']))
    $header_tags_array['logo_text'] = ltrim(tep_db_prepare_input(implode(' ' . HEADER_TAGS_SEPARATOR_DESCRIPTION . ' ', $sortOrder['logo'])), ' ' . HEADER_TAGS_SEPARATOR_DESCRIPTION);
  if (isset($sortOrder['logo_1']))
    $header_tags_array['logo_text_1'] = ltrim(tep_db_prepare_input(implode(' ' . HEADER_TAGS_SEPARATOR_DESCRIPTION . ' ', $sortOrder['logo_1'])), ' ' . HEADER_TAGS_SEPARATOR_DESCRIPTION);
  if (isset($sortOrder['logo_2']))
    $header_tags_array['logo_text_2'] = ltrim(tep_db_prepare_input(implode(' ' . HEADER_TAGS_SEPARATOR_DESCRIPTION . ' ', $sortOrder['logo_2'])), ' ' . HEADER_TAGS_SEPARATOR_DESCRIPTION);
  if (isset($sortOrder['logo_3']))
    $header_tags_array['logo_text_3'] = ltrim(tep_db_prepare_input(implode(' ' . HEADER_TAGS_SEPARATOR_DESCRIPTION . ' ', $sortOrder['logo_3'])), ' ' . HEADER_TAGS_SEPARATOR_DESCRIPTION);
  if (isset($sortOrder['logo_4']))
    $header_tags_array['logo_text_4'] = ltrim(tep_db_prepare_input(implode(' ' . HEADER_TAGS_SEPARATOR_DESCRIPTION . ' ', $sortOrder['logo_4'])), ' ' . HEADER_TAGS_SEPARATOR_DESCRIPTION);
}

function GetCategoryAndManufacturer($sortOrder, $pageTags, $defaultTags, $catStr, $manStr, $product = false) {
  global $category_depth, $current_category_id, $languages_id;

  $type = 'top'; //not used
  if ($category_depth == 'nested' || $category_depth == 'products')
    $type = 'cat';
  else if (isset($_GET['manufacturers_id']))
    $type = 'man';

  if (($type == 'cat' || $type == 'top') && ($pageTags['append_category'] || $defaultTags['default_logo_append_group'] || $defaultTags['default_logo_append_category'])) {
    if ($category_depth == 'nested' || $category_depth == 'products' || $product) {
      $the_category_query = tep_db_query($catStr);
      $parentStr = '';

      if (HEADER_TAGS_ADD_CATEGORY_PARENTS == 'Duplicate Categories' && $product && tep_db_num_rows($the_category_query) > 1) //selected product is in multiple categories
      {
        $ctr = 0;
        $lastCatPos = (tep_db_num_rows($the_category_query) - 1);
        while ($the_category = tep_db_fetch_array($the_category_query)) {
          $parentStr .= $the_category['htc_title_tag'] . ' ' . HEADER_TAGS_SEPARATOR_DESCRIPTION . ' ';
          if ($ctr++ == $lastCatPos - 1) //don't add the last one since it will be done below
            break;
        }
        tep_db_data_seek($the_category_query, $lastCatPos);
        $the_category = tep_db_fetch_array($the_category_query);
        $header_tags_array['category'] = $the_category['htc_title_tag']; //save for use on the logo
      } else {
        $the_category = tep_db_fetch_array($the_category_query);
        $header_tags_array['category'] = $the_category['htc_title_tag']; //save for use on the logo
        if (HEADER_TAGS_ADD_CATEGORY_PARENTS == 'Full Category Path')
          $parentStr = GetCategoryParentString($current_category_id, $languages_id);
      }

      if (tep_not_null($the_category['htc_title_tag'])) {
        $catTitle = tep_not_null($parentStr) ? ($parentStr . $the_category['htc_title_tag']) : $the_category['htc_title_tag'];
        $sortOrder['title'][$pageTags['sortorder_category']] = tep_not_null($sortOrder['title'][$pageTags['sortorder_category']]) ? $sortOrder['title'][$pageTags['sortorder_category']] . ' ' . HEADER_TAGS_SEPARATOR_DESCRIPTION . ' ' . $catTitle : $catTitle;
        $sortOrder['logo'][$pageTags['sortorder_category']] = tep_not_null($sortOrder['logo'][$pageTags['sortorder_category']]) ? $sortOrder['logo'][$pageTags['sortorder_category']] . ' ' . HEADER_TAGS_SEPARATOR_DESCRIPTION . ' ' . $catTitle : $catTitle;
      }

      if (tep_not_null($the_category['htc_desc_tag'])) {
        $catDesc = tep_not_null($parentStr) ? ($parentStr . $the_category['htc_desc_tag']) : $the_category['htc_desc_tag'];
        $sortOrder['description'][$pageTags['sortorder_category']] = tep_not_null($sortOrder['description'][$pageTags['sortorder_category']]) ? $sortOrder['description'][$pageTags['sortorder_category']] . ' ' . HEADER_TAGS_SEPARATOR_DESCRIPTION . ' ' . $catDesc : $catDesc;
      }

      if (tep_not_null($the_category['htc_keywords_tag'])) {
        $catKeywords = tep_not_null($parentStr) ? (str_replace(HEADER_TAGS_SEPARATOR_DESCRIPTION, HEADER_TAGS_SEPARATOR_KEYWORD, $parentStr) . $the_category['htc_keywords_tag']) : $the_category['htc_keywords_tag'];
        // variable names are case-sensitive: the posted code appended $catkeywords (undefined) here
        $sortOrder['keywords'][$pageTags['sortorder_category']] = tep_not_null($sortOrder['keywords'][$pageTags['sortorder_category']]) ? $sortOrder['keywords'][$pageTags['sortorder_category']] . ' ' . HEADER_TAGS_SEPARATOR_KEYWORD . ' ' . $catKeywords : $catKeywords;
      }
    }
  }

  if ($type == 'man' && ($pageTags['append_manufacturer'] || $defaultTags['default_logo_append_group'] || $defaultTags['default_logo_append_manufacturer'])) {
    $the_manufacturer_query= tep_db_query($manStr);
    $the_manufacturer = tep_db_fetch_array($the_manufacturer_query);
    $header_tags_array['manufacturer'] = $the_manufacturer['htc_title_tag']; //save for use on the logo

    $sortOrder['title'][$pageTags['sortorder_manufacturer']] = '';
    $sortOrder['logo'][$pageTags['sortorder_manufacturer']] = '';
    $sortOrder['description'][$pageTags['sortorder_manufacturer']] = '';
    $sortOrder['keywords'][$pageTags['sortorder_manufacturer']] = '';

    if (tep_not_null($the_manufacturer['htc_title_tag'])) {
      $sortOrder['title'][$pageTags['sortorder_manufacturer']] = tep_not_null($sortOrder['title'][$pageTags['sortorder_manufacturer']]) ? $sortOrder['title'][$pageTags['sortorder_manufacturer']] . ' ' . HEADER_TAGS_SEPARATOR_DESCRIPTION . ' ' . $the_manufacturer['htc_title_tag'] : $the_manufacturer['htc_title_tag'];
      $sortOrder['logo'][$pageTags['sortorder_manufacturer']] = tep_not_null($sortOrder['logo'][$pageTags['sortorder_manufacturer']]) ? $sortOrder['title'][$pageTags['sortorder_manufacturer']] . ' ' . HEADER_TAGS_SEPARATOR_DESCRIPTION . ' ' . $the_manufacturer['htc_title_tag'] : $the_manufacturer['htc_title_tag'];
    }

    if (tep_not_null($the_manufacturer['htc_desc_tag'])) {
      $sortOrder['description'][$pageTags['sortorder_manufacturer']] = tep_not_null($sortOrder['description'][$pageTags['sortorder_manufacturer']]) ? $sortOrder['title'][$pageTags['sortorder_manufacturer']] . ' ' . HEADER_TAGS_SEPARATOR_DESCRIPTION . ' ' . $the_manufacturer['htc_desc_tag'] : $the_manufacturer['htc_desc_tag'];
      $sortOrder['description'][$pageTags['sortorder_manufacturer']] = $the_manufacturer['htc_desc_tag'];
    }

    if (tep_not_null($the_manufacturer['htc_keywords_tag'])) {
      $sortOrder['keywords'][$pageTags['sortorder_manufacturer']] = tep_not_null($sortOrder['keywords'][$pageTags['sortorder_manufacturer']]) ? $sortOrder['title'][$pageTags['sortorder_manufacturer']] . ' ' . HEADER_TAGS_SEPARATOR_KEYWORD . ' ' . $the_manufacturer['htc_keywords_tag'] : $the_manufacturer['htc_keywords_tag'];
    }
  }

  return $sortOrder;
}

function GetCanonicalURL() {
  $parts = explode("&", $_SERVER['QUERY_STRING']);
  $cnt = count($parts);

  if ($cnt == 1 && basename($_SERVER['PHP_SELF']) === FILENAME_DEFAULT) //home page
    // the posted code passed $args here before it was assigned; an empty string is the same value without the notice
    return StripSID(tep_href_link('/', '', 'NONSSL', false) );

  $args = tep_get_all_get_params(array('action','currency', tep_session_name(),'sort','page'));
  return StripSID(tep_href_link(basename($_SERVER['PHP_SELF']), $args, 'NONSSL', false) );
}

function GetCategoryName($category_id, $language_id) {
  $category_query = tep_db_query("select categories_name from " . TABLE_CATEGORIES_DESCRIPTION . " where categories_id = '" . (int)$category_id . "' and language_id = '" . (int)$language_id . "'");
  $category = tep_db_fetch_array($category_query);
  return $category['categories_name'];
}

function add_separators(&$item) {
  $item = $item . ' '. HEADER_TAGS_SEPARATOR_DESCRIPTION . ' ';
}

// Build a string of the parent categories properly separated
function GetCategoryParentString($current_category_id, $languages_id) {
  $parentCats = array();
  $parentCatsNames = array();
  tep_get_parent_categories($parentCats, $current_category_id);
  $parentCats = array_reverse($parentCats);

  foreach ($parentCats as $pc)
    $parentCatsNames[] = GetCategoryName($pc, $languages_id);

  array_walk($parentCatsNames, 'add_separators');
  $csv = implode(" ", $parentCatsNames);
  return $csv;
}

function MultiKeySort($k) {
  if (! is_array($k))
    $k = array();

  foreach ($k as $key => $val) {
    ksort($val);
    $k[$key] = $val;
  }
  return $k;
}

//Remove the session ID for canonical tags
function StripSID($url) {
  $sidName = tep_session_name();

  if (isset($_GET[ $sidName ])) {
    if (($sid = strpos($url, $_GET[ $sidName ])) !== FALSE) {
      $SidLength = strlen($_GET[ $sidName ]) + strlen( $sidName ) + 2; // to account for the "?" and "="
      return substr($url , 0, - $SidLength );
    }
  }
  return $url;
}

function ReadCacheHeaderTags(&$header_tags_array, $filename, $languages, $id) {
  global $language;
  return ( (HEADER_TAGS_ENABLE_CACHE == 'None') ? false : ReadCacheFromDB($header_tags_array, 'header_tags_' . $filename . '_' . $language . '_cache_id_' . $id) );
  // return ( (HEADER_TAGS_ENABLE_CACHE == 'false') ? false : read_cache($header_tags_array, 'header_tags_' . $filename . '_' . $language . '_cache_id_' . $id) );
}

function ReadCacheFromDB(&$data, $name, $gzip = 0) {
  $gzip = ( HEADER_TAGS_ENABLE_CACHE == 'GZip' ? true : false );
  $name = serialize($name);
  $name = ( $gzip == 1 ? base64_encode(gzdeflate($name, 1)) : $name );

  $cache_query = tep_db_query("select * from " . TABLE_HEADERTAGS_CACHE . " where title = '" . $name . "' limit 1");

  if (tep_db_num_rows($cache_query) > 0) {
    $cache = tep_db_fetch_array($cache_query);
    $cache = ( $gzip == 1 ? @gzinflate(base64_decode($cache['data'])) : stripslashes($cache['data']) );
    $data = unserialize($cache);
    return $data;
  }
}

function WriteCacheHeaderTags($header_tags_array, $filename, $languages, $id) {
  global $language;

  if (HEADER_TAGS_ENABLE_CACHE != 'None') {
    ob_start();
    $cache_output = $header_tags_array; //ob_get_contents();
    ob_end_clean();

    if (tep_not_null($cache_output))
      WriteCacheToDB($cache_output, 'header_tags_' . $filename . '_' . $language . '_cache_id_' . $id);
    // write_cache($cache_output, 'header_tags_' . $filename . '_' . $language . '_cache_id_' . $id);
  }
}

function WriteCacheToDB($data, $name) {
  $gzip = ( HEADER_TAGS_ENABLE_CACHE == 'GZip' ? true : false );
  $name = serialize($name);
  $name = ( $gzip == 1 ? base64_encode(gzdeflate($name, 1)) : $name );
  $data = serialize($data);
  $data = ( $gzip == 1 ? base64_encode(gzdeflate($data, 1)) : addslashes($data) );

  $cache_query = tep_db_query("select 1 from " . TABLE_HEADERTAGS_CACHE . " where title = '" . $name . "' limit 1");

  if (tep_db_num_rows($cache_query) == 0)
    tep_db_query("insert into " . TABLE_HEADERTAGS_CACHE . " ( title, data ) values ('" . $name . "', '" . $data . "')");
  else
    // the posted update had no where clause and would have overwritten every cached row
    tep_db_query("update " . TABLE_HEADERTAGS_CACHE . " set data = '" . $data . "' where title = '" . $name . "'");
}
?>

drillsar - Posted December 15, 2010

I would delete everything and start from scratch. The customers database can be backed up by going to phpMyAdmin and backing up that table; that's the route I would go. I also for one would block port 21 and go with SFTP which is part of SSH, more secure. You have to make it so that it's harder to hack your site. Another thing you can do is completely lock the admin folder until needed. Did you check the access log on the server?

♥FWR Media - Posted December 15, 2010

Everyone here is talking about "files" where the problem could easily be the server .. is it a shared server? Why haven't the server techies checked the logs to find out how the bad code is being introduced? Does the server have mod_security? Does it have a firewall? Does it have all the other fundamental security settings?

Basically if the hacker has got into the server, changing files etc. won't make a jot of difference.

♥geoffreywalton - Posted December 28, 2010

Eventually this turned out to be that the hosting company had installed a security system that deleted files it assessed as being "suspicious". The first level support had not been told about this so were unable to help. Nothing appeared in the access logs and naturally enough there were no suspicious files anywhere on the server.

I am now in possession of a neat little ftp script that can be run on a local PC that checks if selected files exist on a web site and copies any missing ones. This is only necessary if the hosting package does not have cron included. Also the PC must not go into hibernation, otherwise as you would expect scheduled jobs will not run.

Don't you just love hosting companies.

HTH someone

G

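A check-and-restore routine of the kind described in the post above, as an added example (it is not the poster's FTP script and not code from this thread). It compares a clean backup against the live tree by SHA-256, restores only files that are missing, and flags a new file that is byte-identical to a known-good one, which is the gw_replace_file.php pattern reported earlier in the thread. It assumes the site is reachable as a local directory tree (a mirrored copy, or a cron job on the host) instead of over FTP; all function names are hypothetical and the sample files are constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(baseline, current):
    """Classify differences between a trusted baseline and the live tree."""
    by_hash = {}
    for path, digest in baseline.items():
        by_hash.setdefault(digest, []).append(path)

    report = {"missing": [], "modified": [], "new": [], "copies": {}}
    for path, digest in baseline.items():
        if path not in current:
            report["missing"].append(path)
        elif current[path] != digest:
            report["modified"].append(path)
    for path, digest in current.items():
        if path not in baseline:
            report["new"].append(path)
            # A new file with the same bytes as a known-good file was renamed
            # or copied by something; it carries no foreign code of its own.
            if digest in by_hash:
                report["copies"][path] = sorted(by_hash[digest])
    for key in ("missing", "modified", "new"):
        report[key].sort()
    return report


def restore_missing(report, backup_root, live_root):
    """Copy files reported missing from the clean backup; never overwrite."""
    restored = []
    for rel in report["missing"]:
        src = Path(backup_root) / rel
        dst = Path(live_root) / rel
        if src.is_file() and not dst.exists():
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, dst)
            restored.append(rel)
    return restored


def demo():
    """Constructed, simplified re-creation of the 15 December event."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        funcs = backup / "includes" / "functions"
        funcs.mkdir(parents=True)
        # Constructed stand-ins for the real shop files.
        (funcs / "header_tags.php").write_text("<?php /* stand-in */ ?>\n")
        (backup / "index.php").write_text("<?php echo 'shop'; ?>\n")
        shutil.copytree(backup, live)
        baseline = snapshot(backup)

        # What was observed: the file disappears and an identical file
        # shows up under a different name in the same folder.
        victim = live / "includes" / "functions" / "header_tags.php"
        shutil.copy2(victim, victim.with_name("gw_replace_file.php"))
        victim.unlink()

        report = compare(baseline, snapshot(live))
        restored = restore_missing(report, backup, live)
        return report, restored


if __name__ == "__main__":
    report, restored = demo()
    print(report)
    print("restored:", restored)
```

Files listed under "modified" or "new" are reported but left untouched, so they can be inspected before anything is overwritten.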
Kelleren (Author) - Posted March 3, 2011

Please delete this thread - as things turned out we were never hacked - cause was an error from my host. Site is secure now as ever.

Michael Keller

Guest - Posted March 4, 2011

> Please delete this thread - as things turned out we were never hacked - cause was an error from my host. Site is secure now as ever.
> Michael Keller

Michael, I'm curious as to who your host is. I had similar issues in Nov and Dec and I'm still working on reestablishing the site.

Kim

Kelleren (Author) - Posted March 5, 2011

Please delete this thread - it is hurting my ranking on Google and since I was never hacked that hardly seems fair!

Guest - Posted March 18, 2011

Michael,

Threads are never deleted. However, if posts on this thread stop, it will eventually be buried in the archives.

Chris

This topic is now archived and is closed to further replies.