Website hacked


Gary Tayman


MAJOR PROBLEM!

 

My website has been hacked, bigtime.

 

Something malicious found its way in, and totally messed up the site to the point where the server shut it down entirely.

 

I found this out after returning home from holiday travel.

 

Someone, or something, installed a zillion files on my server.  It took me from 4 pm yesterday, all night long, to 10:30 this morning to delete all the malicious folders and files.  Just click on a bunch of folders, hit delete, and let it run for hours.

 

Everything on my website was backed up, except for OSCOMMERCE.  I was unaware that it COULD be backed up.  Well, I was told I can, and so I did -- but this is like closing the barn door after the horse.  The OSCOMMERCE folder has malicious files in it, and my server gave me a malware.txt file that specifies which files are bad.

 

Unfortunately this is not a bunch of extra files to simply delete.  It's a list of files which are legitimate, which are flagged because they contain malware.  In other words what I have needs to be cleaned.

 

My online shopping section took me months to write.  Frankly, I have not had many orders.  My server can clean it but said it will cost me $250 to do it.  I can't justify paying it.

 

Is there some program out there that I can use to clean the OSCOMMERCE folder?  Or do I need to simply pitch it all, call OSCOMMERCE a bad dream, and cut my losses?

 

Link to comment
Share on other sites

You never took a backup of all osCommerce files and Database before you went on holiday? Or anytime before that whole $#%& happened?

If you do have a backup then just delete everything on the server and re-upload the "clean", "backup" files.

Another thing that you need to think about is "how" did you get infected/hacked/attacked? That hole needs to be closed ASAP.

 

This time it is a bit late, but in case you get it all sorted out: http://www.oscommerce.com/forums/topic/408589-reminder-to-backup-your-sites-regularly/

Link to comment
Share on other sites

Some of the better hosts keep regular backups. I take it yours does not. It may be easier just to pay them the money and let them sort it for you, then move to a better host. You will then be able to fall back on them should it not work or go wrong again. You will then need to update your product and add security features to ensure that it does not happen again. The latest version is secure. Look at this as an investment.

 

Apart from looking through every file and finding the malicious code and removing it, there is not a lot you can do. What I would do is to start again. Remove all files from your server and install fresh. Use the latest BS version and upload all the products and addons that you had. This may seem overkill, but you will never find all the malicious code if you have nothing to check it against. Leave one hole open and they will be back and do the same again. There are coders within these forums who would probably remove all your files and add new for less than your hosts are charging if only you had the database copied.

 

Hopefully you have learned a valuable lesson and that you need to keep backups of both the store files and the database in case something like this happens. You should also keep your software up to date, especially with security patches. It does look like you are trying to blame oscommerce, as you wrote the name in capitals, because you got hacked. That really isn't the case. If the software is updated and backups taken the software works fine, with no problems.

REMEMBER BACKUP, BACKUP AND BACKUP

Link to comment
Share on other sites

Everything on my website was backed up, except for OSCOMMERCE.  I was unaware that it COULD be backed up.

 

Say what? What made you think it wasn't possible to back up the files? Are you relying on some sort of built-in backup function for an application? FTP will do just as well. Anyway, the files are replaceable (with a fresh copy of osC) except for the product images, but the database is irreplaceable (where all your data is, except for the images). There is no need to spend a lot of money to "clean" your files, because they'll never find everything anyway.

 

 

Or do I need to simply pitch it all, call OSCOMMERCE a bad dream, and cut my losses?

 

A temper tantrum is no way to solve your problems. If you didn't bother to back up your complete site (including osC), you'll have the same problem with any other ecommerce software. Get your head on straight, and vow to make (and test) regular backups of your complete site and its database(s). Consider it a lesson learned the hard way.

Link to comment
Share on other sites

@Gary Tayman There's no easy way to clean this up if you don't have a backup. While the price your host mentioned is not unreasonable for such a problem, it sounds like they are just going to replace files that show up in a search as suspect. That is a very bad way to clean the code and will almost certainly cause problems in the shop. Also, the hacker may have, most likely did, uploaded files to allow him a way back in. Such files don't always show up in a mass search. So if you are going to pay someone to do this, I suggest you have someone experienced with oscommerce and security problems do it. They should be able to find files that don't belong as well as clean the other files. I also suggest the following:

 

1. Install SiteMonitor. It is meant for exactly this sort of problem. If it had been installed, it would have sent you an email letting you know what files were added and changed. That makes cleaning up much easier.

2. Check your site with my security tester. All of the work you do to clean up the hacker files won't do any good if the way he got in is still there. The tester will check for common problems but may not find the actual security hole.

3. Check your site's access log (you may have to have your host do this) to find the IP of the person that did this. Ban that IP and then look up its location. If it is from a hosting company, contact that hosting company and report the hacking.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
