catalog/conditions.php/images/ShadowX.php

[maindron1]

I was checking the "Who's online" in my admin control panel and I found these two paths:

 

1.- catalog/conditions.php/images/ShadowX.php

 

2.- catalog/conditions.php/images/X-LOL

 

 

I ran a search in my original oscommerce folder and there is no file called shadowX in there. Could that mean that some hacker uploaded this file in my website and if so where will it be located. I already took all the recommended steps to secure my website and they are still comming at me strong.

 

Please help.

[Guest]

Rodrigues,

 

 

Normally, that type of inquiry is a script that is looking for hacker files in a website. It does not actually mean the files are present. If you have taken the appropriate security measures and have just double checked your site for this files (and didn't find them), then more than likely you are secure.

 

 

 

 

Chris

[driftwood]

I had the same this morning, over the past few weeks I monitoring the whos online IP address and any like this I just IP ban in cpanel. But be carefull to check the IP. If possible I ban the full range for that network if it's from somewhere like China or a place I don't want customers from. Here's this month list, each month I delete the list and start again.

 

 

113.169.104.120

87.106.116.89

78.136.8.76

78.109.172.16

94.75.243.135

208.109.0.0/16

82.192.74.3

208.80.192.0/21

69.72.128.0/17

69.72.215.178

89.149.192.0/18

92.61.155.10

208.73.56.0/22

122.208.0.0/12

80.74.153.0/25

 

All the above are sending hack attempt to my site in the last month.