Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

strange language link added to my site


leonardo2212

Recommended Posts

Dear all,

 

I have one problem: few months ago my site was blocked due to hack attack, someone tried to install some malware on my server. That was solved (my server provider said so).

 

Now, I have some strange link for some unknow language

(when you click you get this: Fatal error: require() [function.require]: Failed opening required 'includes/languages/.././../images/img-581065496593/index.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/leo/public_html/catalog_leo/index.php on line 32)

 

But, the thing that worries me most is that now when I add new product I have another box for this strange language... In catalog folder I have only Croatian and English folders and files...

please check www dot leo dot hr and you can see in left upper corner link for that language....

 

Thanks for your help!

Link to comment
Share on other sites

My site in now hacked, its off line...

Somebody installed these files on my site:

 

Jul 6 09:30 hellcome.php*

Jul 6 04:13 g0h4ck.php*

Jul 6 04:13 home.php*

Jun 30 10:33 banners/

Jun 30 10:33 wtm7930n.php*

 

in catalog/images

 

I will make the new one, do you think its smart to use existing database on fresh installation or should I make everything new?

 

Thank you...

Link to comment
Share on other sites

I would upgrade to osC 2.3.1, which has many security fixes. You'd be best off, considering how badly you were hacked, to at the least do a thorough examination (in phpMyAdmin, or the .sql backup file) of the database before continuing to use it. Look for foreign website URLs or domains, encoded/encrypted data where there shouldn't be any, etc. It's certainly possible to reset the database in a fresh installation, if you can afford to lose your customer information and product information, but most shops would not like to lose that data. As for files, clean out EVERYTHING. Any file you can't account for could be a backdoor or other malware. Check all image files for scripts or PHP code, leaving only genuine product photos and system images. A complete wipe of the store and installation of osC 2.3.1 might be the least work up front, but make sure you don't mind losing customer and product data. I think that reuse/upgrade of the database is feasible, if you carefully examine the data for suspicious data.

 

P.S. Do a thorough virus/spyware scan on your PC (used to administer the site), and then change all passwords (site access, admin, FTP, database, etc.) even if no spyware was found. Enable your PC's firewall, so you can be alerted if spyware tries to smuggle out passwords to a hacker.

Link to comment
Share on other sites

@@leonardo2212

 

Follow these steps to clean and secure your website:

 

1) Lock down your site by using an .htaccess password so your customers are not attacked by the hackers code.

 

2) FTP all of the files to your local machine and use a program like WinGrep to identify and remove all malicious and anomalous files containing hacker code. Look for keywords such as 'base64','eval','decode'.

 

3) Delete the files on your hosting account before uploading the clean files.

 

4) FTP the clean files back to your hosting account and read and implement the security patches and contributions found in these two threads. Admin Security and Website Security.

 

5) Change all of your passwords: FTP, CPANEL, STORE ADMIN and DATABASE

 

6) Make sure File and Directory Permissions are set correctly. Directories no higher than 755, Files no higher than 644 and the TWO configure.php files no higher than 444

 

7) If your site has been 'black listed' as an attack site by Google, then log into Google Webmaster Tools and submit the site to be re-indexed and verified to be removed from the 'black list'

 

8) Remove the .htaccess password protection so your customers can resume making purchases from your website.

 

9) Monitor your website using the newly installed contributions to prevent future hacker attacks.

 

10) If you feel you can not perform any of the above steps, you should seek professional help to ensure all malware is removed.

 

 

Chris

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...