RMD27 Posted February 8, 2012 Author Share Posted February 8, 2012 The add-on Virus Threat system will search for know hack strings as will Site Monitor, but not for so many. http://addons.oscommerce.com/info/7279 There are also some tips on what to look for in my profile. HTH G ok I used AVS and I get a ton of messages related to contributions spaw fckeditor lightbox mailist are the ones that stand out I suppose I have to check these files against the file that came with the contribution to know if things are okay or not? it says none are infected though Link to comment Share on other sites More sharing options...
RMD27 Posted February 8, 2012 Author Share Posted February 8, 2012 This is the type of thing that can be uploaded via what I explained earlier. First port of call for you is to patch all that faulty code or else this stuff will be back as soon as you get rid of it. I assume you have taken your site offline. You basically have two conceptual security issues, one with the osCommerce code which you have sorted by blocking access to the admin directory, two, patch the Wordpress plugins or remove the plugins if there are no upgrades for them. Then you need to troll through all your files and look for those types of additions that you posted above. Once you become familiar with them then you will find them easier to spot. There are people who are regulars in these forums who also do cleanups for a fee if you feel you are out of your depths on that issue. The main thing is not to send the site live without patching that insecure code and certainly not sending your site live again with that sort of backdoor code embedded in files. my hosting company have no end of patience. they found the corrupted files and deleted all the code, I deleted the infected folders I could live without and also updated osc & wordpress. it never occured to me that wordpress could infect oscommerce and vice versa. extremely naive i know im learning everyday. today's lesson, everything needs extra security! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.