dynopack title hack?

[MreSailor]

Had 2 of my OSCMax sites hacked. They somehow injected a js script into the STORE_NAME variable in the configuration table in the db so the title header was reading something like <title>mysite.com</title><src=js dynopack.js<title> : </title> or something close, I've deleted it.

 

After changing the db entry it came back, and I'm not sure how. I've implemented security fixes and now it's not appearing in the db any longer however it still shows in the title tag, the only short term patch that worked was to remove the <title> line from the main_page.tpl.php file which got one of them back online.

 

The second site has the same issue but now the browser does a connection reset 1/2 way through loading the footer. I"ve redirected it short term.

 

Any ideas?

[netstep]

Did you find a "solution" for this?

I've got a recurring issue.

 

I have a config-cache extension installed so I'm able to set the config then lock the file down so it changes in the DB but not in the cached config file. Literally a band-aid over a wicked infection.

[Taipo]

The solution is to secure your sites. After cleaning out your sites of th added code, either put protection on the admin directory or install osC_Sec addon (see link in my signature).