Newbie Needs Help


Breathe


Hi all

I am the site owner of www.breatheapparel.com

I don't know anything about osCommerce, hence I hired a company/web developer to develop it for me.

They are the ones who suggested osCommerce.

The issue started 1 week back when I started receiving these weird emails at my email address ([email protected]), which basically were 'RETURN TO SENDER' emails, supposedly sent by me to all these unknown email addresses. They were adult in nature.

I then contacted my webmail provider, who in turn put me through to hostgator (my hosting provider).

Hostgator investigated and discovered a spam issue that originated from my account. Upon further investigation, it was determined that my account has been exploited and used to send spam messages.

Hostgator removed malicious scripts from my account & according to them, these files were inserted through security holes in my scripts. My scripts have security holes because they are outdated.

Now, hostgator wants me to upgrade my current version of RC2A to v2.3.1

My web developer claims that it has got nothing to do with osCommerce and he is blaming it all on hostgator.

Later he turned around and said that upgrading means:

"Because it will take fresh time to set up the application,

data migration to be done from the current website to new website

Existing design migration to be done

All plug-in has to develop to support new version – this will take another some time

Cost will be added on all these activities. This will work out later."

I'm at a loss now. Hostgator is mailing me every couple of hours and all I can do is forward the responses that my web developer has given me.

Anybody can shed some light on this??

Please and thank you in advance.

-Kiran-


Kiran,

You don't need to UPDATE your osCommerce v2.2 RC2a site! You simply need to clean and secure the site. A good developer would have already informed you of this.

You can find the information to clean and secure your site in these two threads:

Admin Security and Website Security

With your website developer's response being what it was, you may want to turn to someone more experienced to help you with this. JMO

Chris


Hi Chris

I will go through those 2 threads and try by myself.

However, I just received an email from hostgator saying that:

"Following up on this issue, It does not appear that the "admin" directory for this OsCommerce installation has yet been secured.

The OSCommerce installation on your account is vulnerable. Specific functions of your administration panel are accessible without a login. You will need to take steps to secure the account. You will need to place a password on the "admin" directory to prevent unauthorized accesses. You can do this via the "Password protect directories" page within cPanel. In addition, you will need to upgrade to the most recent version of OSCommerce as soon as possible."

So now the 1st thing for me to do is set up a password on the admin part.

However, I wish to ask you, is it really rocket science to upgrade from RC2A to 2.3.1? - Just wondering!!

Thanks!

Kiran

Regards,

Kiran


Kiran,

NO, it's not rocket science, however I will tell you that although there is a definite update path for the CORE code from RC2a to v2.3.1, there is NOTHING on how to update any contributions that are installed into the site. This is where things get complicated and could lead to an unstable website once the upgrade is complete. I personally find it easier and more stable to create a NEW website using v2.3.1 and the contributions for it, rather than try to upgrade to v2.3.1 from a prior release.

Chris


"I don't know anything about osCommerce, hence I hired a company/web developer to develop it for me."

"However, I wish to ask u, is it really rocket science to upgrade from RC2A to 2.3.1? - Just wondering!!"

For you probably yes

For the company/developer you have it should not be


Hi all

I have managed to add a password to the admin part... so now I have to go through 2 sets of passwords before I can enter the backend of my osCommerce.

Now I am figuring out how to install .htaccess

Hopefully then hostgator will be satisfied.

Guess I got ripped off of almost USD 5000 by hiring these people... now I am broke, my website is not secure and for all I know it's not even SEO optimised as promised... sigh

Regards,

Kiran


Kiran,

YOU MUST remove any anomalous files and malicious code from the server. The hacker more than likely has backdoors in place that will allow him direct access to files already on your server, defeating the admin password protection you have installed.

There are 18 patches and contribution suggestions in the two threads I sent you, ALL of them have to be completed fully to secure your site.

Chris

P.S. 5000 for a website of ANY configuration is a rip off!

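The clean-up step described in the reply above, as an added example that is not part of the original thread or of osCommerce itself: a small Python sweep of a web root that lists files worth reviewing by hand. The directory names, script extensions and obfuscation pattern are assumptions, and the sample tree is constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# Assumed heuristics (not from the thread): folders that should hold only
# static assets, and the wrapper idiom common in injected PHP.
STATIC_DIRS = {"images", "css", "js"}
SCRIPT_EXT = {".php", ".phtml", ".php5"}
OBFUSCATION = re.compile(rb"(eval|assert)\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)

def scan_webroot(root, modified_after=None):
    """Return sorted (relative_path, reason) pairs for files to review by hand."""
    root, findings = Path(root), []
    for path in (p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root)
        if path.suffix.lower() in SCRIPT_EXT:
            # A script sitting next to product images is out of place.
            if STATIC_DIRS & set(rel.parts[:-1]):
                findings.append((rel.as_posix(), "script in static-asset directory"))
            if OBFUSCATION.search(path.read_bytes()):
                findings.append((rel.as_posix(), "obfuscated eval"))
        # Optional baseline: epoch seconds of the last known-good deployment.
        if modified_after is not None and path.stat().st_mtime > modified_after:
            findings.append((rel.as_posix(), "modified after baseline"))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample data: two clean files and two planted anomalies."""
    samples = {
        "index.php": b"<?php echo 'shop'; ?>",
        "images/logo.gif": b"GIF89a",
        "images/cache.php": b"<?php echo 1; ?>",
        "includes/footer.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
    }
    for rel, data in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as webroot:
        build_sample_tree(webroot)
        for rel, reason in scan_webroot(webroot):
            print(f"{reason}: {rel}")
```

A hit is a prompt for manual review against a clean copy of the same osCommerce release, not proof of compromise, and a clean sweep does not prove the site is clean.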

Hi

According to my web developer, the .htaccess has already been installed in my FTP, but err... I'm not even sure where my FTP is (not that I am going to admit that to him!)

You have to know that I don't know anything about HTML/coding, so all this is VERY new to me.

After reading somewhere around this forum, I told him to install Security Pro, which he agreed to, not sure if that will help though.

18 patches?... wow... I couldn't even understand 1 of them completely... right... I have to try though.

But my question is, after all this is done, will hostgator be satisfied?... because they keep insisting that I upgrade to v2.3.1??

Thanks guys.


Hi all

My web developer just sent me a screen shot which shows the .htaccess added only 2 days ago!

Another question which is bugging me.

The site with RC2A was handed over to me around March/April this year.

And I understand that V2.3.1 was released around November.

So does that make sense? Old version delivered when new version was already out??

Regards,

Kiran


Kiran,

osCommerce is written in PHP, not HTML. Just to keep that straight. v2.3.1 was released in December of last year so your developer should have used it to create your new site if you entered into an agreement for the website after that date.

Hostgator simply wants to stop and prevent further over-use of their server resources. By patching your site, you will stop hackers from utilizing Hostgator's resources, so they should be satisfied with that.

Chris


URGENT QUESTION

I have found a fairly decent web developer who is willing to:

update the security

update coupon system if want to use it

edit the invoicing system to show coupon codes

check all the files for wrong coding just like willsys.com stuff

and make a cron job for backup of database

and update all the modules to latest version which are already on the site

ALSO

SEO to get more traffic from search engine

How much should I pay him?... he knows what happened... he's asking me to name a figure... I really don't know how much?

Any suggestions??


Kiran,

It is against forum policy to discuss paid work on the site. However, I would get a couple of quotes before deciding who to contract for the updates.

Chris


Archived

This topic is now archived and is closed to further replies.
