Recommend a Product has been hacked - help!

[kittycat01 0]

Hi there,

 

About 2-3 days ago my oscommerce store was hacked, in that they were somehow using my recommend a product feature to send out thousands of spam emails about sustainable energy. Anyway, my hosting company quickly suspended my account and website, and gave me (amongst other info) the following cause:

### Initial checks suggest a product recommendation script is being abused to send thousands of spam from your website.

 

Since communicating with them about the issue, they have now put my website back online today, after I agreed to completely remove the recommend a product feature until I get time to install a captcha on the page.

 

However, I am now met with the following when I load up www.mysite.com/store:

Warning: require(includes/classes/email.php) [function.require]: failed to open stream: No such file or directory in /home/14091/myserver/www.website.com/public_html/store/includes/application_top.php on line 268

 

Warning: require(includes/classes/email.php) [function.require]: failed to open stream: No such file or directory in /home/14091/myserver/www.website.com/public_html/store/includes/application_top.php on line 268

 

Fatal error: require() [function.require]: Failed opening required 'includes/classes/email.php' (include_path='.:/usr/share/pear') in /home/14091/myserver/www.website.com/public_html/store/includes/application_top.php on line 268

 

Could somebody please tell me if this error is occuring due to something the hosting company are doing, or is it something to do with my site being hacked?

 

I can't really remove the recommend a product feature without being able to see my site due to my basic PHP skills you see :/

 

Any help offered will be greatfully accepted here!

Thank you, Kitty

[♥DunWeb 921]

@@kittycat01

 

You will have to check EVERY file for malicious code and check the entire server for anomalous files. Remove any and all malicious code and anomalous files from the server and then secure the server.

 

 

 

Chris

[oconnell12 0]

Did you get this sorted Kitty?

 

Just had the same problem with the same spam email, guessing it was getting through via our tell a friend service.

 

Lou

[Dr_killer_UK 0]

I know this is a late reply but for the sake of others in same situation here goes.

 

You need to go into the application_top.php file (its in the includes folder)

Take out the email.php refrence within the application_top.php file then the error should go away once uploaded back to the website.

 

For other people it could be application_bottom.php or column_left.php just refer to the error to know which file need to be changed.

 

 

Jonny

[♥DunWeb 921]

OR, just disable the tell a friend module from the admin area. :-

 

 

 

Chris

[♥FIMBLE 82]

You could always use captcha or set tell a friend to to only allow logged in guests to use this form.

Not so sure the site would of been hacked, but certainly there is a lot of this going around the 'net.

this add on has some protection of the tell a freind built into it

http://addons.oscommerce.com/info/8283

Nic