Troubleshooting Hacked Oscommerce
First things first,
Oscommerce is a good software and we use it. Some old version that we have got hacked (before I get in to the company)
To check what files are compromised check the dates of the files thiis is the most important since ou will see what are modified.
The fastest way I did was to grep -r 'base64' * since the hacker injected some encrypted code it the files this will let you see what files have the code. I'm not a guru though. delete the lines that shouldn't be there
Also they put codes in .htaccess and this will let your website redirect to some other sites .ru site
Check also you php.ini since they also get inside of that and put this base decode blah.
secure your tmp folder and chmod your file to 755.
Also the last measure is to auto block the ip addresses that do lots of connection via anti ddos (dosdeflate)
Well then after that hopefully the hackers will get angry and ddos your site till it gets down :)
Oscommerce is a good software and we use it. Some old version that we have got hacked (before I get in to the company)
To check what files are compromised check the dates of the files thiis is the most important since ou will see what are modified.
The fastest way I did was to grep -r 'base64' * since the hacker injected some encrypted code it the files this will let you see what files have the code. I'm not a guru though. delete the lines that shouldn't be there
Also they put codes in .htaccess and this will let your website redirect to some other sites .ru site
Check also you php.ini since they also get inside of that and put this base decode blah.
secure your tmp folder and chmod your file to 755.
Also the last measure is to auto block the ip addresses that do lots of connection via anti ddos (dosdeflate)
Well then after that hopefully the hackers will get angry and ddos your site till it gets down :)
Comments