Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Y-Ola site hacked


Taipo

Recommended Posts

This discussion is for the owner of y-ola.com to discuss his website problems so that he can stop spamming othe threads that are not specific to dealing with issues with his site.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites

Right, Kevin. From what I can see from what you have spammed in the discussion about the addon called osC_Sec, is that you have several sites running from the same web space. From what I can tell from the info you have provided is:

 

1/ at least one of the URLs you posted in ( http://yoshkar-ola-gifts.com/ ) is still running 2.2RC2 and does not have osC_Sec configured correctly, and has an iFrame code added into your database somewhere, my guess probably in the site name.

2/ Because osC_Sec is not installed, and/or you have not secured that particular site in any way shape or form i.e. it is not 2.3.1, does not have the admin directory protected, and more, it is wide open to be exploited.

3/ osC_Sec maybe uploaded into a directory somewhere in your sites but it is not installed correctly as per the install instructions in the readme.htm that comes with the addon

4/ your main site ( http://www.y-ola.com/ ) seems to be a cross over between 2.2RC2 and 2.3.1, that could be because you have restored a backup perhaps? Hard to tell from just poking around, but it doesnt help that you do not have a completely stock standard version or 2.3.1 installed.

 

If you are intent on using 2.2RC2 then you need to secure it correctly, that means protecting the admin directory from being exploited. You can do this either by adding HTTP Basic Authentication to the admin directory and/or installing osC_Sec correctly, which means not only uploading it to your includes directory but also including it into the application_top.php file as per the instructions.

 

It is these basic mistakes that you have made that has allowed attackers to reinsert rogue javascript redirect code into your sites pages. Fix those, and that will bring your problems to an end.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...