Latest News: (loading..)

Archived

This topic is now archived and is closed to further replies.

themuir

Websites been hacked, question about a new installation

5 posts in this topic

Hi there,

 

I have spent hours deleteing code and correcting pages but I just seem to be chasing my tail.

 

I wanted to do a fresh install of oscommerce. I have the database sql files.. is there a quick way to restore these into the new installation without uploading all the pages from the old site with the spyware and virus's included?

 

Please assist :-)

Share this post


Link to post
Share on other sites

Thomas,

 

If your site was Unmodified then you can just upload a fresh copy of osCommerce and connect it to the database. However, if the site had modifications then you cannot.

 

Further, you will need to check your database for malware. There have been reports of hackers loading malware into the database.

 

Chris

Share this post


Link to post
Share on other sites

Hi Chris, with regards to modifications what do you mean? Adding modules and stuff?

 

I'm probably a little over my head with this. I was only helping a friend out and have spent about a week chasing javascript codes and malware round.

 

Have you got any idea what I should be looking for as Im obviously missing stuff if it keeps coming back :-(

Share this post


Link to post
Share on other sites

Found a code in the ht access folder ... could be the issue .. will have a read how to lock the site down :-)

Share this post


Link to post
Share on other sites

Found a code in the ht access folder ... could be the issue .. will have a read how to lock the site down whistling.gif)

Just removing the changes the hacker has made usually won't do any good, as you've found out. If you are using a pre-2.3 version, then just replacing it with a new pre-2.3 version won't do you any good either since the original security issues would probably still be there. If you are using a pre-2.3 version and replace it with a 2.3 version, you have to start over completely (due to a poor design decision by the oscommerce team), or spend many hours getting it updated, assuming changes have been made to your original shop. So you need to first decide on what version of oscommerce you want to use. If pre-2.3, then you should apply the security cahnges mentioned in these forums to prevent this from hapenning again..

Share this post


Link to post
Share on other sites