esm Posted January 8, 2011

Guys,

Can someone check this cart: http://www.gbfenterprisesllc.com/index.php and tell me what's going on here?

Thanks,
Ed

Guest Posted January 9, 2011

Ed,

I believe the 'Reported Attack Page' warning tells you exactly what is wrong. Follow these steps to clean and secure your website:

1) Lock down your site by using an .htaccess password so your customers are not attacked by the hacker's code.
2) FTP all of the files to your local machine and use a program like WinGrep to identify and remove all malicious and anomalous files containing hacker code.
3) Delete the files on your hosting account before uploading the clean files.
4) FTP the clean files back to your hosting account and read and implement the security patches and contributions found in these two threads: Admin Security and Website Security.
5) Change all of your passwords: FTP, CPANEL, STORE ADMIN and DATABASE.
6) Make sure File and Directory Permissions are set correctly. Directories no higher than 755, Files no higher than 644 and the TWO configure.php files no higher than 444.
7) If your site has been 'black listed' as an attack site by Google, then log into Google Webmaster Tools and submit the site to be re-indexed and verified to be removed from the 'black list'.
8) Remove the .htaccess password protection so your customers can resume making purchases from your website.
9) Monitor your website using the newly installed contributions to prevent future hacker attacks.
10) Seek out experienced help if you feel you cannot perform any of the above steps.

If you miss any of these steps your site may remain accessible to the hacker.

Chris

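The permission ceilings in step 6 can be checked mechanically. The following is an added example, not part of the original thread: it reads "no higher than" as "no permission bits beyond the ceiling" and assumes it runs where the real modes are visible (on the hosting account itself, since an FTP download to Windows does not preserve them). The function name is hypothetical.

```python
import os
import stat
import sys

# Ceilings taken from step 6 of the post above.
DIR_MAX, FILE_MAX, CONFIG_MAX = 0o755, 0o644, 0o444


def audit_permissions(root):
    """Return sorted (path, mode, ceiling) for entries with bits beyond their ceiling."""
    candidates = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        candidates += [os.path.join(dirpath, n) for n in dirnames + filenames]

    findings = []
    for path in candidates:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode says nothing about its target
        mode = stat.S_IMODE(st.st_mode)  # includes setuid/setgid/sticky bits
        if stat.S_ISDIR(st.st_mode):
            ceiling = DIR_MAX
        elif os.path.basename(path) == "configure.php":
            ceiling = CONFIG_MAX
        else:
            ceiling = FILE_MAX
        if mode & ~ceiling:  # any bit set that the ceiling does not allow
            findings.append((path, mode, ceiling))
    return sorted(findings)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, mode, ceiling in audit_permissions(target):
        print(f"{path}: mode {mode:o} exceeds ceiling {ceiling:o}")
```
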
Procommerce Posted January 10, 2011

Your site was not up to date, and was hacked. Besides what was proposed by Chris, you might also want to check your access-log.txt to find out where the attack came from...

Providing Ecommerce & CRM Solutions since 1995
Vote my post up if you found it useful

esm (Author) Posted January 10, 2011

How do you know that my site was not up-to-date?

Where do I find this access-log.txt file?

I tried a grep search but I have no idea what kind of string to enter into the search. How am I supposed to know what to search for?

Guest Posted January 10, 2011

Ed,

The most common encryption code used by hackers is eval base64; try using that in the search, it is a good place to start.

Chris

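A search for the "eval base64" pattern over a downloaded copy of the site can be scripted. This is an added example, not part of the original thread; it goes slightly beyond the post by also matching eval wrapped around gzinflate, gzuncompress and str_rot13, which commonly accompany base64_decode in obfuscated PHP, and the function name is hypothetical.

```python
import os
import re
import sys

# eval( directly wrapping one or more decoder calls. base64_decode is the case
# named in the post; the other decoders are an added generalisation.
SUSPICIOUS = re.compile(
    rb"\beval\s*\(\s*(?:@?(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(\s*)+",
    re.IGNORECASE,
)


def scan_tree(root):
    """Return sorted (relative_path, line_number, snippet) for every match under root."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:  # every file, not only *.php
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file or broken symlink
            for m in SUSPICIOUS.finditer(data):
                line_no = data.count(b"\n", 0, m.start()) + 1
                snippet = data[m.start():m.start() + 60].decode("latin-1")
                hits.append((os.path.relpath(path, root), line_no, snippet))
    return sorted(hits)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, line_no, snippet in scan_tree(target):
        print(f"{rel}:{line_no}: {snippet!r}")
```

A hit is a lead to review by hand, and a clean result does not prove the copy is clean, since injected code can be obfuscated in ways this pattern does not cover.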
Procommerce Posted January 12, 2011

The log file is usually stored above your public access folder, together with the error log. Try forcing your FTP program to show hidden files.

esm (Author) Posted January 12, 2011

Above the public access folder is one folder called "logs" but it's empty.

Procommerce Posted January 13, 2011

Sometimes, FTP programs like FileZilla might have issues displaying hidden files. Can you try FTP with Total Commander?

esm (Author) Posted January 13, 2011

I found the access log file and there's nothing in it that shows any unknown intruder. Just access from the legit website www.bgfenterprisesllc.com

Procommerce Posted January 14, 2011

Usually you can find some strange "POST" or "sh" lines in the access log... We will have to assume that the hacker obtained root access like you, and took the trouble to edit the logs...

Anyhow, did you find the infected code in your files? Did you follow the routine proposed before? Tell us what your status is.

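Looking for unusual POST lines in an access log can be done by listing every POST whose target is not a page you expect forms to submit to. This is an added example, not part of the original thread; it assumes Apache common/combined log format, and the sample lines, paths and the expected-target set are constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log format, up to the status code.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not from the poster's site.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Jan/2011:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.10 - - [07/Jan/2011:10:01:09 +0000] "POST /login.php HTTP/1.1" 302 -',
    '203.0.113.7 - - [07/Jan/2011:10:05:44 +0000] "POST /images/banner.php?x=1 HTTP/1.1" 200 48',
    '203.0.113.7 - - [07/Jan/2011:10:05:51 +0000] "POST /images/banner.php?x=2 HTTP/1.1" 200 48',
    '198.51.100.4 - - [07/Jan/2011:11:12:30 +0000] "POST /admin/tools.php HTTP/1.1" 200 310',
]

# Hypothetical allowlist: pages the shop's own forms legitimately POST to.
EXPECTED_POST_TARGETS = {"/login.php"}


def unexpected_posts(lines, expected_paths):
    """Count POSTs per (client_ip, path) whose path is not an expected form target."""
    counts = Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if path not in expected_paths:
            counts[(m["ip"], path)] += 1
    return counts.most_common()


if __name__ == "__main__":
    for (ip, path), n in unexpected_posts(SAMPLE_LOG, EXPECTED_POST_TARGETS):
        print(f"{n:4d}  {ip:15s}  POST {path}")
```
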
Guest Posted January 14, 2011

Ed,

Your site has already been reported as an attack site; you should follow the instructions above as the site is attacking potential customers when they type in your URL.

This is ALWAYS bad for present and future business.

Chris

esm (Author) Posted January 14, 2011

I did go through the instructions and at present the site seems to work fine.

My problem now is that I cannot create an admin login. See this post: http://www.oscommerce.com/forums/topic/369441-lost-admin-access-info/

Thanks for the help.
Ed

This topic is now archived and is closed to further replies.