Jump to content

Archived

This topic is now archived and is closed to further replies.

shanehamelin

Fake Admin Accounts

Recommended Posts

About every few days I get a fake admin account added to my oscommerce admin list..

Its normally somethings like: adxxx4s00 or 12wi8i000 weird stuff like that..

 

Now, they aren't making any changes or anything but how can I stop this?

Share this post


Link to post
Share on other sites

Shane

 

Don't only read it but also implement the recommendations.

 

If they can add admin users they can insert orders and harvest your customer information and .......

 

It is not difficult to secure your site just a bit scary when you start out if you have never done it before.

 

Cheers

 

G


Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Share this post


Link to post
Share on other sites

While there are no known easy breakin methods for the latest osCommerce version as there are for earlier versions, it doesn't hurt to protect the admin directory either by changing its name or adding htpasswd protection in fact on any form of content management systems.


- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Share this post


Link to post
Share on other sites

×