Jump to content

hi

Guest

By Guest
in Technical Help

 Share

Recommended Posts

Guest

Guest

Posted
Posted (edited)

Hi all

I seem to have some funky problem going on with my cart and dunno what it is.

my site is Link Deleted by Sir William

What appears to be happening is the page is reloading (look at url at bootom of screen) on all pages that contain the index page.

admin and shopping cart pages ok.

ne1 ne ideas?

Edited by Sir William
Link to comment
Share on other sites

convict Newbie

convict

Posted
Posted (edited)

First look: your site is infiltrated

FF works as you have said, IE caused a problem. You have somewhere at the site point at http://stats4all.cc/fa/tDRCurxSDJGAQ/proc.jar using a IE security hole. Here is a damned infiltration. trust4free.ws spotting too...

Some Java Script redirection here.

ADDED LATER: At the bottom of html i am spotting:

<html><script>s='spawned code-deleted fo rome reasons by me convict';for(i=0;i<113;i++){o+=String.fromCharCode(s.charCodeAt(i)-1);}eval(o);</script>

</html>

Edited by convict
Link to comment
Share on other sites
Guest

Guest

Posted
Posted

First look: your site is infiltrated

Your site does seem to have been hacked. If I were you I would add temporary password protection to your root htaccess file (assuming you run Apache) and then restore your files from a backup. Make sure that you have updated anti-virus and anti-spyware software installed while testing also (you may want to test using FireFox until you're sure the bugs are gone since this seems to be an IE-specific bug).

Question: Did you apply the security patches? Which and when? Make a note of the last modified dates of hacked files so that you can see if the hacking occured before or after you patched your scripts.

Although of course a really good hacker will change those, as well as erase your logs, spawn independent processes that can regenerate their hacked files, etc...

Link to comment
Share on other sites
Guest

Guest

Posted
Posted (edited)

So does this mean my site is useless now?

I applied all the patches to my store as soon as they were released?

I have got rid of the script running on the index page is there nething else guys i need 2 do?

Edited by evilhomer
Link to comment
Share on other sites
Guest

Guest

Posted
Posted

So does this mean my site is useless now?

I applied all the patches to my store as soon as they were released?

I have got rid of the script running on the index page is there nething else guys i need 2 do?

Useless? If it seems to be working fine now I assume it's OK. Most hackers just tag you and move on, but some leave unpleasant surprises that show up later.

Since you don't know for sure how they got into your site or what they saw while there, you should definitely change all your passwords immediately (especially your mySQL password, since that's stored unencrypted in your global.inc.php file). You should also look for any other scripts that they may have left on your site (spam scripts or anything else you don't recognize). And you should advise your host so that they can check whether there is anything else (running processes, scheduled crontabs, unauthorized FTP access, etc.) that they may have done that you might not notice.

I've seen a lot of sites hacked, and usually the results are less catastrophic than they could've been.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...