
PHP injection (I think)


milauskas


Hi all,

 

I built a site a few years ago for a client using osC. The most recent problem just occurred. Apparently someone was using the site to send out spam.

 

I have limited knowledge of what/where this occurred since I'm a 3rd party and the host (web.com) spoke to the owners who gave me the info.

 

I guess my questions are general at this point. Is there something in the shopping cart that may have enabled the sending of spam?

 

Also, I think the osC version is pretty old. Will upgrading help security and/or will it break anything that's now working in the old version? I believe it's 2.2.

 

We had some hacking a couple years ago and got that cleaned up. The admin is renamed, we put in new passwords and used htaccess to give some additional security. I'm just wondering if others have had a similar experience and what steps they took. Thanks!


@milauskas

 

This is disturbing:

I built a site a few years ago for a client using osC.

 

This is more disturbing:

I have limited knowledge of what/where this occurred since I'm a 3rd party and the host (web.com) spoke to the owners who gave me the info.

 

READ THIS on how to secure the website. Security has been a known issue for many years now on the 2.2 version.

 

 

 

Chris


Hi all,

 

I built a site a few years ago for a client using osC. The most recent problem just occurred. Apparently someone was using the site to send out spam.

 

I have limited knowledge of what/where this occurred since I'm a 3rd party and the host (web.com) spoke to the owners who gave me the info.

 

I guess my questions are general at this point. Is there something in the shopping cart that may have enabled the sending of spam?

 

Also, I think the osC version is pretty old. Will upgrading help security and/or will it break anything that's now working in the old version? I believe it's 2.2.

 

We had some hacking a couple years ago and got that cleaned up. The admin is renamed, we put in new passwords and used htaccess to give some additional security. I'm just wondering if others have had a similar experience and what steps they took. Thanks!

 

If they have set "Allow guest to tell a friend" to TRUE in the admin, the stock code can be used as a SPAM engine.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 


Archived

This topic is now archived and is closed to further replies.
