Jump to content

Archived

This topic is now archived and is closed to further replies.

RMD27

Script repeatedly inserted in ALL index.php files

Recommended Posts

The add-on Virus Threat system will search for know hack strings as will Site Monitor, but not for so many.

 

http://addons.oscommerce.com/info/7279

 

There are also some tips on what to look for in my profile.

 

HTH

 

G

 

ok I used AVS and I get a ton of messages related to contributions

 

spaw

fckeditor

lightbox

mailist

 

are the ones that stand out

 

I suppose I have to check these files against the file that came with the contribution to know if things are okay or not?

 

it says none are infected though

Share this post


Link to post
Share on other sites

This is the type of thing that can be uploaded via what I explained earlier. First port of call for you is to patch all that faulty code or else this stuff will be back as soon as you get rid of it. I assume you have taken your site offline. You basically have two conceptual security issues, one with the osCommerce code which you have sorted by blocking access to the admin directory, two, patch the Wordpress plugins or remove the plugins if there are no upgrades for them.

 

Then you need to troll through all your files and look for those types of additions that you posted above. Once you become familiar with them then you will find them easier to spot. There are people who are regulars in these forums who also do cleanups for a fee if you feel you are out of your depths on that issue.

 

The main thing is not to send the site live without patching that insecure code and certainly not sending your site live again with that sort of backdoor code embedded in files.

 

my hosting company have no end of patience. they found the corrupted files and deleted all the code, I deleted the infected folders I could live without and also updated osc & wordpress.

 

it never occured to me that wordpress could infect oscommerce and vice versa. extremely naive i know

 

im learning everyday. today's lesson, everything needs extra security!

Share this post


Link to post
Share on other sites

×