Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Recommend a Product has been hacked - help!


kittycat01

Recommended Posts

Hi there,

 

About 2-3 days ago my oscommerce store was hacked, in that they were somehow using my recommend a product feature to send out thousands of spam emails about sustainable energy. Anyway, my hosting company quickly suspended my account and website, and gave me (amongst other info) the following cause:

### Initial checks suggest a product recommendation script is being abused to send thousands of spam from your website.

 

Since communicating with them about the issue, they have now put my website back online today, after I agreed to completely remove the recommend a product feature until I get time to install a captcha on the page.

 

However, I am now met with the following when I load up www.mysite.com/store:

Warning: require(includes/classes/email.php) [function.require]: failed to open stream: No such file or directory in /home/14091/myserver/www.website.com/public_html/store/includes/application_top.php on line 268

 

Warning: require(includes/classes/email.php) [function.require]: failed to open stream: No such file or directory in /home/14091/myserver/www.website.com/public_html/store/includes/application_top.php on line 268

 

Fatal error: require() [function.require]: Failed opening required 'includes/classes/email.php' (include_path='.:/usr/share/pear') in /home/14091/myserver/www.website.com/public_html/store/includes/application_top.php on line 268

 

Could somebody please tell me if this error is occuring due to something the hosting company are doing, or is it something to do with my site being hacked?

 

I can't really remove the recommend a product feature without being able to see my site due to my basic PHP skills you see :/

 

Any help offered will be greatfully accepted here!

Thank you, Kitty

Link to comment
Share on other sites

@@kittycat01

 

You will have to check EVERY file for malicious code and check the entire server for anomalous files. Remove any and all malicious code and anomalous files from the server and then secure the server.

 

 

 

Chris

Link to comment
Share on other sites

  • 11 months later...

I know this is a late reply but for the sake of others in same situation here goes.

 

You need to go into the application_top.php file (its in the includes folder)

Take out the email.php refrence within the application_top.php file then the error should go away once uploaded back to the website.

 

For other people it could be application_bottom.php or column_left.php just refer to the error to know which file need to be changed.

 

 

Jonny

Link to comment
Share on other sites

  • 4 weeks later...

You could always use captcha or set tell a friend to to only allow logged in guests to use this form.

Not so sure the site would of been hacked, but certainly there is a lot of this going around the 'net.

this add on has some protection of the tell a freind built into it

http://addons.oscommerce.com/info/8283

Nic

Sometimes you're the dog and sometimes the lamp post

[/url]

My Contributions

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...