
Website Hacked - Trying to find out how


Guest marstoni


Hey all,

Recently, on the 4th, a client of mine had their website hacked via 31337 nijna :w00t: turkish h4x0rs. It's running version 3.0.10 of cubecart and nothing else. I've contacted my hosting (site5) and they have not had any other reports of other users' cubecart installs being tampered with (it is installable by fantastico).

I'm just curious if anyone had heard of something like this. I followed the install instructions and the install went perfectly. Could this be a cross-site scripting or XSS vulnerability? Even my upload/images is set to 755. SSH shell access isn't even enabled on the account, so it must have been an FTP upload hack (I've only used SFTP) or via one of the cubecart scripts.

What happened was it seems they uploaded 2 new files into my doc root, a new "index.html" and a "hackONE.html" file. They were also able to delete all the top level files (such as cart.php, spiders.txt etc.) but none of the folders or anything in those folders seemed to be affected, nor anything in the db. I'm sure this was a mass website hack attempt and not specific to this website, as they sell handmade jewelry and the site has only been up for a month.

I've changed all the site's passwords of course, changed permissions and checked logs. What else can I do to find out how this happened and how to make sure it never happens again? Has this happened to anyone else? Any help is much appreciated, thanks.
