Website Hacked

[littleminxwholesale 0]

HI

 

I created my website with the help of a web design team back in 2006 and after months of hard work had a very good return within my first year, some time on I took website off line due to personal circumstances. I made my website back live recently and also sent some emails out to existing customers aswell as new stating that we were back in business so gradually from time to time on the who's online section I would see quite a lot of customers filling there baskets up but for some reason not checking out so this is where I am now starting to feel concerned as to whether the final stage ie checkout is being directed elsewhere. Any advice or help with this will be greatly appreciated as I feel that the site has been hacked and that my sales are being taken. Or also if u can recommend any scan that I can run etc.

Thanks

[♥kymation 631]

Have you placed any test orders to see if your site is still working? That's a very old version of osCommerce that will not run on modern versions of PHP/MySQL.

 

Regards

Jim

[MrPhil 647]

Those could have been legitimate customers who filled up their carts but were stuck at checkout, or they could have been search engine bots. Anyway, you should definitely go in as a customer and try buying something, to see what happens (you should have done this before announcing to the public that you were open for business). It's quite possible that the old, old code you're running (probably 2.2 MS2) no longer works with modern PHP versions. You should strongly consider installing 2.3.3.4 and migrating your old database over.

 

Make a copy of your site under /dev or /test (files AND database) and practice the install and migration: install/configure/test 2.3.3.4, delete sample stock, copy over the existing database, run the SQL updates to migrate it to 2.3.x level, copy over your product images, test all the way through checkout. Now that you have a working 2.3.3.4 system, decide what 2.3.x add-ons you need to install or custom coding that you need done. Once you're happy with your new system, all you will need to do is copy all the files over the old store (which you've backed up) and you're in business. It should continue to use the new database, and the old one (backed up) can be removed.

 

Note that if you were collecting credit card information using the cc.php module, you can no longer use that (it's illegal, as it is not PCI-DSS compliant). You would have to update your payment modules (use a Third Party payment system such as PayPal or the like, for low to moderate volumes). Direct credit card acceptance is now usually quite expensive, due to PCI-DSS security audit requirements, and worthwhile only for high volume stores. You can always switch over later.

[♥geoffreywalton 139]

Lila

 

You should definitely try to place an order yourself and ask a couple offriends to do the same.

 

If you are not going to upgrade then, as you have such an old version, you should check and see if the security patches have been applied. There is a pinned thread at the top of the 2.2 security thread that explains what should have been done.

 

HTH

 

G

[MrPhil 647]

If her team finished work on it in 2006, I would guess that absolutely no patches have been applied for 7 years. It would be far easier to migrate to 2.3.3.4.