Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Strange url in who is online


kvadre

Recommended Posts

Jesper,

 

It is more than likely a hacker bot looking for vulnerabilities in your website. There is no need to worry if you have a properly configured v2.3.1 store.

 

 

 

 

Chris

Link to comment
Share on other sites

Hi

 

Today when I checed who is online a visitor came up with the following url: //#phpmyadmin_2.9.11/

I tried google but that didn't give me much, anyone here?

 

/Jesper

It's a hacker trying to get into phpmyadmin, which is a program used to access the database. If you have that installed in your shop, then you could have a problem since that has nothing to do with oscommerce. You need to verify it is not installed and, if it is, remove it. Or, if you have to have due to your host not having it, then move it to the admin directory.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 2 weeks later...

Hackers do try to check gates to crash into your site.

 

PhpMyAdmin is one of those that they try.

 

 

Satish

Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site.

 

Check My About US For who am I and what My company does.

Link to comment
Share on other sites

If your webhost has installed phpmyadmin without your websites public directory then change to another webhosting company.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites

Hi Taipo

 

I'm not quite sure I understand what you write, the whole directory talk on webhosting is unknown to me.

 

Would you mind explaining what you mean, i'm always interested in learning new thing.

 

/Jesper

Link to comment
Share on other sites

If the company you have your website hosted with has placed the phpMyAdmin directory within the public_html directory then that is a sign that they are amateurs with no concern for security therefore an indicator that it might be best that you look for another place to host your site. Its just an opinion of mine when it comes to webserver security. A mistake like that is an indicator that there are probably other security issues that they have overlooked.

 

However as you were saying above, the phpMyAdmin directory is not in your websites public directory/folder so therefore not a concern.

 

 

phpMyAdmin is a very powerful database editing tool and really has no place in the publicly accessible directories even with user authentication protecting it.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites

Some times developers or site owners do upload PhpMyAdmin and hackers just try to make out if that exist as a gateway to enter your site.

 

Satish

Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site.

 

Check My About US For who am I and what My company does.

Link to comment
Share on other sites

  • 4 weeks later...

It's a hacker trying to get into phpmyadmin, which is a program used to access the database. If you have that installed in your shop, then you could have a problem since that has nothing to do with oscommerce. You need to verify it is not installed and, if it is, remove it. Or, if you have to have due to your host not having it, then move it to the admin directory.

 

Hi Jack, do you mind sharing how to verify if that program is installed in the database please? I am a new learner here. Thanks!! :)

Link to comment
Share on other sites

What (I think) he was saying is that phpMyAdmin should not be accessible via the Web, but only through the hosting control panel (e.g., cPanel). If it can be accessed via the Web (is in public_html), that's very bad news, as a hacker will try to find a way into it. Once they're in, they have complete control over your database! If it has to be Web-accessible, make sure it is behind closed doors (a directory with password protection, at the very least).

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...