
osCommerce

The e-commerce.

Warning to all who use ftp


Guest


I have had osc stores for four years now without any issue. Recently I noticed my sales declining and traffic not what it used to be.

After some investigation I found that someone had gotten my logins and passwords from my FileZilla program and changed my index.php and login.php on both the catalog side and the admin side. This is not an osc issue but an internet security issue. After many hours of research I found that a keystroke logger had been installed on my laptop by a malicious entity. They were then able to copy my logins to everything I used a password for!

I suggest running a Malwarebytes Anti-Malware scan and installing a proven firewall like ZoneAlarm. The basic security that comes with a laptop is not sufficient.

I now also have RoboForm to protect my passwords in a vault.

I had to run my scans in safe mode to detect the malware. Over 1200 trojans!

Hope this helps someone.

Matt


Some of the viruses that are being distributed via infected osCommerce websites that use the outdated versions of osCommerce are designed specifically to exploit weaknesses in web browsers that allow virus files to be downloaded and installed into your computer's operating system with the express purpose of logging your FTP and other user/password transactions.

The faulty code in the outdated versions will allow an attack to install virus code in any file that is writable on the server, and for some users, that could be almost every php file.

Once you have cleaned out your site, I would suggest that you download the latest version of osC_Sec (link in my signature) and install that on your site. A couple of months ago I added the actual security patch to fix the issue that allowed the virus code to be installed. It also contains a number of other protection mechanisms to prevent attacks on your site as well.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX


Having a look back through my PMs, I see there was an issue with installing osC_Sec. I would suggest you try the latest version and test it out; that issue you were having with the older version is probably fixed by now.


Also, a good malware cleaner worth trying if you haven't already is Combofix.


I had the same problem once and afterwards I decided to create a new random password for each FTP session. I usually work locally using SVN and then deploy sites with bash scripts, so FTP is something I rarely use hence it's not much of a hassle. If you use FTP a lot it's indeed best to store it in an encrypted vault. Never store passwords in your FTP client, they can easily abuse that too.


Archived

This topic is now archived and is closed to further replies.
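
Added example, not part of the original thread and not code from FileZilla or osCommerce: a small audit that follows up on the advice above not to store passwords in the FTP client. It assumes the XML layout FileZilla uses for sitemanager.xml and recentservers.xml (Server entries with Host, User, Pass and Name elements); the sample data is constructed, and the function name `audit` is hypothetical.

```python
"""Audit FileZilla site files for saved passwords (values are never printed)."""
import xml.etree.ElementTree as ET

# Constructed sample; assumption: element names follow FileZilla's layout.
SAMPLE = """<FileZilla3>
  <Servers>
    <Server>
      <Host>ftp.shop.example</Host><User>shopadmin</User>
      <Pass encoding="base64">bm90LWEtcmVhbC1wdw==</Pass>
      <Name>Live store</Name>
    </Server>
    <Folder>Clients
      <Server>
        <Host>ftp.legacy.example</Host><User>matt</User>
        <Pass>not-a-real-pw</Pass>
        <Name>Old store</Name>
      </Server>
    </Folder>
    <Server>
      <Host>sftp.dev.example</Host><User>deploy</User>
      <Name>Dev (asks every time)</Name>
    </Server>
  </Servers>
</FileZilla3>"""

LABELS = {None: "plaintext", "base64": "base64 (encoded, not encrypted)"}


def audit(xml_text):
    """Return one finding per <Server> entry that has a saved password."""
    findings = []
    # iter() also reaches entries nested inside <Folder> elements.
    for server in ET.fromstring(xml_text).iter("Server"):
        pw = server.find("Pass")
        if pw is None or not (pw.text or "").strip():
            continue  # nothing saved: the client prompts at connect time
        enc = pw.get("encoding")
        findings.append({
            "site": (server.findtext("Name") or "").strip(),
            "host": (server.findtext("Host") or "").strip(),
            "user": (server.findtext("User") or "").strip(),
            # Unknown encodings are reported as found, not judged.
            "storage": LABELS.get(enc, "other: %s" % enc),
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print("{site}: {user}@{host} -> {storage}".format(**f))
```

To check a real workstation, pass the text of your own sitemanager.xml or recentservers.xml to `audit()`; any entry it lists is a credential that malware on that machine could read, so clear it from the client and change it on the server.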
