Jump to content

Archived

This topic is now archived and is closed to further replies.

jarimany

Hacked OSCommerce

Recommended Posts

Hello, my OSCommerce site was hacked, but I don't know how it was or how could I protect it from future attacks.

 

from one day to other, all my payment modules were deactivated and paypal experss was activated linking it to the hackers paypal account.

 

Looking at the database, a new administrator was added.

 

This is very important to all people using paypal module as changing the paypal account will not be very noticeable.

 

 

I'm very concerned about how my OSCommerce was hacked, right now I dont't know if it was a security flaw of my provider (dotster) and I have all my other websites on risk, or it was done attacking security issues on OSCommerce.

 

What steps should I follow to prevent it again?

 

Thank you in advance

Share this post


Link to post
Share on other sites

@@jarimany

 

Basic Precautions:

 

1. All .php and .js files should have 444 permission.

2. All folders should have 555 permission.

3. Admin folder should be renamed.

4. Add captcha to create account, contact us, reviews and any other forms on site.

5. Make admin .htaccess protected.

6. Upgrade version and remove wp version from code.

7. Disable file manager.

8. Delete sample data.

9. Frequently check website for any vulnerability through Google webmaster/ http://www.acunetix.com/vulnerability-scanner/

 

Thanks!

 

Praful


Like post..hit LIKE button.

 

osCommerce | Joomla | WordPress | Magento | SEO | CakePHP | CI

 

Guaranteed Website Speed Optimization!!

Share this post


Link to post
Share on other sites

What version of osC? The 2.2 versions all have some major security problems that have been fixed in the 2.3 series. It's possible to upgrade a 2.2 site to fix security issues. This includes renaming the "Admin" directory and password protecting it, and removing the file_manager and language_definition routines. If you can figure out how the hacker got in, there's no need to change directory and file permissions -- having them Read-Only (as suggested above) is a nuisance when you want to maintain the site, but is useful as an emergency measure until you've blocked the hacker. I don't know how deleting sample data is going to help (you would have done that anyway). Adding CAPTCHAs might cut down on spambots using your site to spam via emails, but will do nothing to lock out a hacker.

 

I don't have them at hand, but some people have collected step-by-step instructions for securing your site and posted them in this forum. Do a search.

 

Four very important steps that were omitted above are

 

10. Do a spyware/malware/virus scan on all PCs you use to access the site and store administration. Be on the lookout for password sniffers and keystroke loggers that pass your passwords on to the hacker as soon as you type them in.

 

11. Turn on your PC's firewall. You want to know when some random module in your PC is trying to contact some outside site, possibly to pass on passwords, bank account numbers, etc.

 

12. Change all the passwords you can think of: site hosting access, FTP, admin account, and anything else with a password. Do this after you have cleared all spyware from your PC(s).

 

13. Periodically scan through your site, looking for unexpected new files that you can't account for, and look at all files' "last modified" date to see if someone or something made updates to your site that you can't account for. This can be as simple as doing a daily or weekly ls -laR > filelist on the whole site, and comparing these weekly filelists with "fc" (Windows) or "diff" (Linux). Run the file listing on a "cron job" to deliver it to your inbox.

Share this post


Link to post
Share on other sites

~ Don't mistake my kindness for weakness ~

Share this post


Link to post
Share on other sites

You can also hard code the pp email account and each time PP is used test to check the one in the configuration table is still the same and email you if it is not.

 

That way payment goes to your account irrispective of the value set in the admin.

 

You will know if someone comes in an changes the value in the db.

 

HTH

 

G


Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Share this post


Link to post
Share on other sites

×