Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Have it been hacked


fabcards

Recommended Posts

Not sure if my site has been hacked but when i view the page source at the bottom of most pages i can see links to a load of other sites?....Have i been hacked? How do i remove these links? Are they dangerous?

 

www.fabcards.ie

Link to comment
Share on other sites

but when i view source at the bottom i get a load of rubbish like

 

 

<!-- [90cbc035f8d7ea32fbc6434d3ce91443 --><!-- 8428386921 --><a href=javascript:document.getElementById('block28').style.display='block';" title="more"> </a><div id="block28" style="display:none"><ul><li><a href="http://notwriting.com/commentary_111002.htm?cheap_pill=774">how much does mobic cost</a></li><li><a href="http://notwriting.com

 

Lookign at my files on the hosting server i see some files in the catalog/pub directory that i dont see on my local copy. viewed some of these files and inside mentions a pakistan hacker???There are two new folders in there Bomba and Bomba1 and inside these are aload of files with no file type so i cant seem to do anything with them...download nor delete.....am i safe enough to delete these folders or could this bring down my site altogether?

Link to comment
Share on other sites

It does look like you have been hacked.

 

There are loads of posts listing what you need to do to cleanse your site and block the known route the hackers can use on unsecured site.

 

I have PM'd some usefull info.

 

Cheers

 

G

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Link to comment
Share on other sites

A few years ago there was a hack going around that only displayed the hack links if you were a web bot indexing a site.

 

The hack had the IP addresses of all the major search engines and only spit out the extra links if the IP of the visitor matched one on their list.

 

The only way for the "average joe" to see the links was to view g00gle's cache of the site.

 

Somehow the cache isn't always available on g00gle now like it was a few years ago.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

this is a page im viewing the source of

http://fabcards.ie/oscommerce2/catalog/product_info.php?cPath=22_35&products_id=63.

Maybe its only on some pages

 

Definitely hacked.

:(

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Find the hack file(s) and remove it(them).

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Looking at my files on the hosting server i see some files in the catalog/pub directory that i dont see on my local copy. viewed some of these files and inside mentions a pakistan hacker???There are two new folders in there Bomba and Bomba1 and inside these are aload of files with no file type so i cant seem to do anything with them...download nor delete.....am i safe enough to delete these folders or could this bring down my site altogether? I dont want to risk downloading the folders to my local computer but am afraid if i delete i may mess up my whole website????

Link to comment
Share on other sites

You can always zip up your site and keep a "security" copy.

 

But if "someone" had added them you definately don't want to keep them on your server.

 

Cheers

 

G

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...