Archived

This topic is now archived and is closed to further replies.

superman11

Website Hacked, Malicious Code Inserted

Hello, my website was hacked so repeatedly that my host kicked me out. I've transferred out and my website is clean again, thanks to my new host, which I paid to clean up.

2) I've installed the security addons:

- .htaccess
- SiteMonitor
- IP Trap
- AutoUpdate (there's an error I am working on): http://forums.oscommerce.com/index.php?app=forums&module=forums&section=findpost&pid=1554006
- and I've changed the admin folder name

As soon as I get the autoupdate working, I'm going to install

- securitypro
- check permissions

3) I'm running osCommerce 2.2 RC2a - I know I should upgrade, but I don't know how, and I don't know PHP.

4) Is there someone in this community I can pay, and how much does a job like upgrading OSC and installing all these security measures cost, so I can get a rough idea?


2 - Do you mean auto backup?

 

Try creating the directory for the backup to write to.

 

If you have installed all these contributions then you should be OK.

3 - 2.3 does not have many contributions written for it yet and as such I'd wait for a while before upgrading.

4 - Installing the security measures on 2.2 should take no more than 3 hrs, most take less but sometimes testing the .htaccess takes it up to the 3 hrs.

 

HTH

 

G


Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.


I am running the same version as discussed above, Oscommerce RC2.2, with the same security patches as mentioned, and I was also hacked 3!! times this year. Each time someone inserted malicious code into my index.html page. This happened on bluehost and their support each time blamed Oscommerce, saying that it has vulnerabilities because of the global registers on settings in php.ini.

I also read this post which discusses the same issues.

http://forums.oscommerce.com/topic/324931-hacked-sites-bluehost-register-globals-and-zen-cart/

 

Is Oscommerce RC2.2 the last version before the 2.3 and is it secure?

I really don't want to have to change to Zen-cart, but I cannot expose my customer's site to another hacker attack.

Could it be that it is bluehost's lack of securing their server?

 

Any advice is appreciated.

 

Thanks.


 

Is Oscommerce RC2.2 the last version before the 2.3 and is it secure?

 

Any advice is appreciated.

 

Thanks.

 

 

You have to patch RC2.2a (last version I believe) to secure it - it's one of the reasons I moved to 2.3.1, but you still have to add extra security if you are serious about running an e-commerce store and that includes any other e-commerce store.

 

Most rehacks are caused by not removing every bit of the previous hack...


My store is currently running Phoenix 1.0.3.0

I'm currently working on 1.0.7.2 and hope to get it live before 1.0.8.0 arrives (maybe 🙄 )

I used to have a list of add-ons here but I've found that with the ones that supporters of Phoenix get any other add-ons are not really necessary


Have you had a look at

 

http://addons.oscommerce.com/info/2097

 

The other contribution by vger is an earlier version, personally I'd use V1.5 - 5 Sept 2006 as recommended by CTOD.

 

HTH

 

G



Nathalie,

 

 

Each time someone inserted malicious code into my index.html page

 

 

There is NO index.html in osCommerce. Your site is likely being hacked because you have failed to remove the 'backdoors' the hacker has installed. Look for anomalous files and malicious code and remove it.

 

 

Chris


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)


Nathalie,

 

 

 

 

 

There is NO index.html in osCommerce. Your site is likely being hacked because you have failed to remove the 'backdoors' the hacker has installed. Look for anomalous files and malicious code and remove it.

 

 

Chris

 

 

@Chris - Thanks, I guess the hacker must have uploaded the index.html and I had forgotten that there shouldn't be one (I am using the site monitor contribution).

I did go through each file for the tenth time and did in fact find some malicious code that I had overlooked and removed it immediately.

@Xpajun - I thought that 2.3.1 had some bugs. That's why I was holding off, but I guess I am going to move it now.

@geoffreywalton - Not sure how this should help me. Is the password_forgotten file just an example?


@geoffreywalton - Not sure how this should help me. Is the password_forgotten file just an example?

 

Hi

 

My link was to an add on that removes the need for register globals

 

G



Nathalie,

 

There is NO index.html in osCommerce. Your site is likely being hacked because you have failed to remove the 'backdoors' the hacker has installed. Look for anomalous files and malicious code and remove it.

 

Chris

 

 

Hi,

Yesterday I was informed that one of my hosted sites had been down for about a week (I don't know why it wasn't reported earlier) and when I investigated it had been hacked and files uploaded. The first thing I noticed was the new index.html file which I knew should be there.

The file used an iframe to redirect to another site hosting malicious files, "hidden.jar", "host.exe" and mentioned a hacking forum mavi1 dot org (which I actually signed up to to see if I could find out anything useful).

As a quick fix I checked Google Analytics for access info and ended up blocking India and Turkey (the site mentioned above is in Turkish) via the .htaccess file.

I also removed files I knew were rogue and changed permissions on a few folders.

Long story short, I don't know where to start or what vulnerability is being exploited (yet) and I'm reluctant to upgrade osc immediately to the newer version as I don't know what other files or code have been inserted and it may be a waste of time if I upgrade and the problem comes back. Plus, I don't know if the template(s) will work correctly yet.

Are there any files more commonly attacked/hacked/changed so I can check them out first? Chris mentioned looking for malicious code... not being a coder/programmer it's unlikely I'll get lucky and stumble across this code.

I appreciate answering the last question is potentially a threat to other osc sites (I read on another thread here that the "badguys" do hang around looking for easy prey) but as I'm new to this I don't fully understand yet how everything interacts with everything else and I'm just clutching at straws, hoping to get lucky, fix the problem and then patch it like a patched up shabby patchwork quilt.

 

Many thanks in advance,

Peter


Peter,

 

Check your admin for the file_manager.php and define_languages.php and delete them if they exist. There are also patches to the admin/login.php and admin/application_top.php to prevent intrusion. Further, renaming the admin folder and adding .htaccess protection will stop hackers who search for the admin directory.

 

Read the pinned topics in the security forum for more information.

 

If you find yourself unable to complete the tasks, you should seek out someone more experienced in the detection and removal of the malicious code and anomalous files.

 

 

 

Chris


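As an added example (not from the thread or from the osCommerce project), here is a read-only audit for the items raised in the posts above: the two admin files Chris names, a stray index.html in the store root, and the kind of iframe injection Peter describes. The function names, finding labels, iframe regex and sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Named in the thread: admin tools to delete if present; a stock store root has no index.html.
RISKY_ADMIN_FILES = ("file_manager.php", "define_languages.php")
# Constructed heuristic: an <iframe> whose src is an absolute http(s) URL.
IFRAME_RE = re.compile(rb"<iframe[^>]+src\s*=\s*\W?https?://", re.I)
TEXT_EXT = {".php", ".html", ".htm", ".js"}


def audit_store(root, admin_dir="admin"):
    """Return sorted (finding, relative_path) tuples for the store at root."""
    root = Path(root)
    findings = set()
    for name in RISKY_ADMIN_FILES:
        if (root / admin_dir / name).is_file():
            findings.add(("risky-admin-file", f"{admin_dir}/{name}"))
    if (root / "index.html").is_file():
        findings.add(("unexpected-index-html", "index.html"))
    for path in root.rglob("*"):
        if path.suffix.lower() not in TEXT_EXT or not path.is_file():
            continue
        try:
            data = path.read_bytes()
        except OSError:
            continue  # unreadable file: skip rather than abort the audit
        if IFRAME_RE.search(data):
            findings.add(("external-iframe", path.relative_to(root).as_posix()))
    return sorted(findings)


def build_sample_store():
    """Constructed sample tree containing the artefacts the thread describes."""
    root = Path(tempfile.mkdtemp(prefix="osc_sample_"))
    (root / "admin_renamed").mkdir()
    samples = {
        "index.php": "<?php require('includes/application_top.php'); ?>",
        "index.html": '<iframe src="http://malicious.example/x" width=0></iframe>',
        "admin_renamed/file_manager.php": "<?php /* stock admin tool */ ?>",
    }
    for rel, body in samples.items():
        (root / rel).write_text(body)
    return root


if __name__ == "__main__":
    for finding in audit_store(build_sample_store(), admin_dir="admin_renamed"):
        print(*finding)
```

Pass the renamed admin folder as `admin_dir`; the script only reports, so every finding still has to be reviewed by hand before anything is deleted.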

Chris

 

There are 2 contributions that will highlight hacked files.

 

VTS - Virus threat scanner

Site Monitor

 

This one even attempts to fix a specific hack

 

Site57 .info Hack Fix

 

HTH

 

G

