Good question... I dunno what the right answer to your question is. I'll do some research in Google and get back to you if I discover an answer. You should email the people at Verisign as they probably could answer your Verisign question.
Thanks for the post, but as I stated before I have uploaded a fresh copy of the Verisign website to the server. But that did not fix the issue. Is there someplace else that can be the issue?
Check your /catalog/images folder and all the sub-folders.
My guess is you'll find a number of "rogue" PHP files you didn't put there.
And I'd also bet they got there because your catalog/images has.
They should be no higher than.
Solution to your problem:
Go into your ftp and open up your .htaccess files.
If you see something similar to this:
ErrorDocument 404 //anydirectory/49740.php
Get rid of that section of code because it is loading ads and a bunch of other bullcrap from 22.214.171.124.
Someone is using you to make ad revenue off your site.
Also remove the "######.PHP" files your .htaccess files are pointing to. In this case "49740.php".
I hope this helps.
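An added example, not code from the thread: a small scan for the two traces the post above describes (an .htaccess ErrorDocument redirecting to a PHP script, and digit-named .php files dropped under catalog/images), run against a constructed sample tree; the directory layout is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread: scan an osCommerce document root for the two
# traces the post above describes, .htaccess ErrorDocument lines that redirect to a
# PHP script and numeric-named .php files dropped under catalog/images.
# The sample tree below is constructed; the path layout is an assumption.

# Print file:line:directive for every ErrorDocument that points at a .php file.
# A legitimate custom 404 handler looks the same, so review each hit before removing it.
find_rogue_errordocs() {
    find "$1" -type f -name '.htaccess' -exec grep -Hni 'ErrorDocument.*\.php' {} \; || true
}

# List .php files whose basename is digits only (49740.php in the post), wherever they sit.
find_numeric_php() {
    find "$1" -type f -name '*.php' | grep -E '/[0-9]+\.php$' || true
}

# Drop the offending ErrorDocument line(s) from one .htaccess, keeping a .bak copy.
strip_rogue_errordoc() {
    cp "$1" "$1.bak"
    grep -vi 'ErrorDocument.*\.php' "$1.bak" > "$1" || true
}

# Constructed sample tree: one hijacked .htaccess, one harmless 404 handler, one rogue file.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/catalog/images/banners"
    printf 'RewriteEngine On\nErrorDocument 404 //anydirectory/49740.php\n' > "$d/catalog/.htaccess"
    printf 'ErrorDocument 404 /errors/404.html\n' > "$d/catalog/images/.htaccess"
    printf '<?php echo 1;\n' > "$d/catalog/images/banners/49740.php"
    printf '<?php\n' > "$d/catalog/index.php"
    printf '%s\n' "$d"
}

# Stand-alone run: build the sample tree and report what the scan finds.
sample=$(make_sample_tree)
echo "ErrorDocument -> php:"; find_rogue_errordocs "$sample"
echo "numeric php files:";    find_numeric_php "$sample"
```

Point the functions at your real document root instead of the sample; the 404 handler in images/.htaccess is deliberately not flagged, which is why the hit list needs a human look before strip_rogue_errordoc is used.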
The simple reason why osCommerce is getting hacked is: your Verisign hosting provider is not securing the server properly, as with a proper firewall all hack attempts can be prevented. As a server admin I can say that people are trying to hack osCommerce carts and are being banned automatically by the firewall on all my servers; as for me, I get the security logs by email about these attempts.
Often the hack comes from harvested ftp passwords, usually due to a PC based virus on the PC of the ftp user.
And by the way, that hack is a pretty common one.
This post has been edited by: 26 August 2008, 03:26.
I had this problem yesterday as well. For me, the default cache directory was still being used. Try disabling cache and see if that doesn't restore to original.
Just another question. In the post install it states that admin/images/graphs should be 777; would that affect this and make it easier to hack the Verisign site? Just a thought.
My suggestion is: you may want to protect your admin section with a second password.
When I attempt to log into my admin panel, I have to login TO LOGIN. MEANING, I set up password protection ("for my admin folder") from inside my Verisign hosting file manager. So every time I want to edit my Verisign website from the admin area, as soon as I enter mysite.com/catalog/admin a password box appears ("before the actual login page shows up"); please note that I would not be able to login until I enter the correct password. When the correct password is entered, then I am redirected to my admin login section.
I know that this isn't the best way to protect your website, but at least it does make it harder for unauthorized people to login or attempt to crack your password, and even if one password is cracked, the second password would hold them up until they lose interest ("at least"). As for me, I make it my business to change this second password ("at least") every week, to provide an added sense of security.
But seriously, consider re-installing your website.
1. Locate and erase all rogue files, back up your website.
2. Erase your entire host and database.
3. Create new host and database w/t new passwords.
4. Upload your Verisign website and re-install it, using your backup store tables so your store info remains intact.
5. Protect your admin directory with a second password ("from inside your Verisign hosting account file manager") so you have to login twice to enter your admin section. (Note to everyone.)
Lastly, please inspect your database tables to make sure that there are not any rogue tables existing on your database ("in case you can't locate any rogue files").
This post has been edited by: 26 August 2008, 15:34.
I use the login to login check too, I password protected the admin directory (after I'd renamed it as well, and changed the path in configure.php) via my cPanel.
I also use several contributions to keep an eye on things:
Are the main ones. There's also antixss (anti cross site scripting) which I haven't installed yet.
Hi, could you give me a pointer on how to set up log in to log in?
The RC versions of osCommerce contain a database driven login to the osCommerce 'admin' panel. Unfortunately these do not ring alarm bells on the server if someone uses a piece of hacker software known as a "Password Cracker", which runs random combinations of User Name and Password against the login a large number of times per second.
On the other hand, if the folder in which the osCommerce control panel is located is Password Protected using your web hosting control panel (which uses .htaccess for Apache servers), the attempts to use a Password Cracker against .htaccess files will ring alarm bells on the server, and after X number of attempts the server will automatically block the IP address of the perpetrator (provided the server is set up securely).
On an RC version of osCommerce this requires a double login - first to get past the .htaccess password protection on the folder, and then to get past the osCommerce login. On earlier MS2 versions only the .htaccess login is required.
BASIC SECURITY PRECAUTIONS
1. FTP to your Verisign website and rename the osCommerce 'admin' folder to something unique (not admin2 or newadmin).
2. In your renamed admin/includes/configure.php file change the references to /admin/ to /new_name/.
3. Using your web hosting control panel (not your osCommerce admin panel) use its Directory or Password Protect link to password protect the newly renamed 'admin' folder.
4. No folder should have permissions higher than 755. If your Verisign hosting requires that you use 777 (Full) permissions then find another host.
5. Almost all files should have permissions of 644 and no higher. The two configure.php files will need permissions of 644, 444 or 400 (depending on your server set up).
I do wish that the osCommerce Forum Administrator would do what Zen Cart successfully does - have a "Recovering From Hacks" Forum with pinned advice on what to do to recover from hacks. Users can also post if they think or know they have been hacked and receive advice from knowledgeable members or Team Members, and even have the ability to email sensitive data directly to Team Members.
Thanks so much, I managed to do that (complete osc noob); at least my Verisign site is a little better protected.
Do you have any other security "must do's" following a standard osc install?
You make a very good point, and I seriously agree with you, Vger, on your advice. There couldn't be enough ways to protect your investments, and creating a forum board to address such issues would be a wonderful idea. In that way, not only will people be able to post topics and get help quickly, but other osC users can also learn from the mistakes of others by the same token.
Hacking, cracking and hijacking is a problem that can never be resolved, but at least such resources and info sharing (on the users' end) would be a very great way to counter these problems (at least).
I seriously think that such a forum would help out the entire community, and I (too) hope that the forum administrators take Vger's advice into consideration.
It's very simple to create a Login to Login check point.
All you have to do is:
1. Log into your "Verisign hosting account" File manager ("not osc file manager").
2. From inside your Verisign hosting file manager, highlight or check the check box next to your admin directory.
3. Then click or select the permissions button and select "password Protect directory".
4. Select add user to create your directory user & password.
And when you are done, you would have to login twice to enter your admin area.
It's that simple.
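An added example, not code from the thread: a shell audit for the 755/644 permission rule in Vger's precautions above, plus the .htaccess that produces the "login to login" second password the post just above sets up through the hosting file manager. The folder names and the .htpasswd location are assumptions, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: audit a document root against the
# 755-for-folders / 644-for-files rule, and write the .htaccess that gives a
# renamed admin folder an HTTP Basic password in front of the osCommerce login.
# Folder names and the .htpasswd path are assumptions for illustration.
# Directories looser than 755: writable by group or other.
find_loose_dirs() {
    find "$1" -type d \( -perm -g+w -o -perm -o+w \) || true
}

# Files looser than 644: any execute bit, or group/other write.
find_loose_files() {
    find "$1" -type f \( -perm -g+w -o -perm -o+w -o -perm -u+x -o -perm -g+x -o -perm -o+x \) || true
}

# Tighten to 755/644; configure.php gets 444 (one of the values the post lists).
fix_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
    find "$1" -type f -name 'configure.php' -exec chmod 444 {} +
}

# $1 = renamed admin folder, $2 = absolute path of an .htpasswd kept outside the web root
# (create it once with: htpasswd -c "$2" adminuser). Apache asks for this password first.
write_admin_auth() {
    cat > "$1/.htaccess" <<EOF
AuthType Basic
AuthName "Store administration"
AuthUserFile $2
Require valid-user
EOF
}

# Constructed sample: a 777 images/graphs folder and a 666 index.php, as in the thread.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/catalog/images/graphs" "$d/catalog/shop_ctrl_9q/includes"
    printf '<?php\n' > "$d/catalog/index.php"
    printf '<?php\n' > "$d/catalog/shop_ctrl_9q/includes/configure.php"
    fix_perms "$d"    # normalise first, independent of the caller's umask
    chmod 777 "$d/catalog/images/graphs"
    chmod 666 "$d/catalog/index.php"
    printf '%s\n' "$d"
}

# Stand-alone run: show the findings, fix them, then protect the admin folder.
sample=$(make_sample_tree)
echo "loose dirs:";  find_loose_dirs "$sample"
echo "loose files:"; find_loose_files "$sample"
fix_perms "$sample" && write_admin_auth "$sample/catalog/shop_ctrl_9q" "$sample/.htpasswd"
```

Run the two find_loose_* functions first and read the list before fix_perms, since some hosts run PHP as a different user and a 444 configure.php may then need to be 400 or 644 as the post notes.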
99.9% of hacks are not osCommerce hacks and it is naive to think they are. They are just website hacks. It does not matter if you have an HTML site or a PHP site or Zen Cart or osCommerce.
They are placing files in vulnerable folders (e.g. the numeric files in the hack above), editing common files such as index.html or index.php (the classic iframe hack) or adding tables to your database (the classic eBay Motors scam).
If they are specifically hacking osCommerce you can be sure they are either a "ha ha" hack where they hack Admin and modify your catalog or worse restore an old database, or they are serious and editing your checkout/payment modules (the classic email me the credit card details hack) which is usually an "in-house" job.
The osCommerce forum cannot be all things to all people. There are lots of security forums out there that address the above and I think that it is good policy for osCommerce store users to be members of them.
I changed the name of the admin folder within OSC. I did this and changed the links in the config file. I go to the new admin login page, put in my username and password but I get the following error:
The requested URL /oscommerce/iadmin/login.php?action=process&osCAdminID=521be1da53d894a146dd2a27bbef6c1f was not found on this server.
Iadmin being the OLD directory name.
Can you help please.
Since I changed the admin folder name and changed the 2 entries in the configure.php file, how come it is still referencing "/oscommerce/iadmin/login.php" as above? (iadmin being the old admin folder name). Are there other files that I need to change?