Dodgebill Posted April 14, 2011 Share Posted April 14, 2011 I just wanted to post info on this attack. My homepage got hacked in the past two hours. They posted about 2000 lines of code in the en/home.inc.php table in my database. That's the welcome message. It was not a virus, just a snoop collecting data. There is no sign of who did it. The logs show nothing. I am conacting my host now to see if here is anything else I haven't found yet or any trace of how they got in. Passwords and user are getting changed too. I ahve the latest version of CC4 and I'm on Hostgater and have all security possible enabled. This was not an FTP or cPanel crack. They would show a trace of someone being in there. This was clean, more like an exploit or something. Just wanted to see if anyone else had gotten hit like this? I'll post the host info when I get it Lets hope it was just a freak thing, right? Bill Cooke Quote Link to comment Share on other sites More sharing options...
bsmither Posted April 14, 2011 Share Posted April 14, 2011 "...in the en/home.inc.php table in my database. That's the welcome message." A database table? I see an actual file "/language/en/home.inc.php". Could you explain how a database table is involved? Quote Link to comment Share on other sites More sharing options...
Dodgebill Posted April 15, 2011 Author Share Posted April 15, 2011 "...in the en/home.inc.php table in my database. That's the welcome message." A database table? I see an actual file "/language/en/home.inc.php". Could you explain how a database table is involved? They overwrote the entry in the database. The file you are talking about is the default file. Once you change the Home Page Welcome Message it is stored in the database under CutebCart_lang I also found the getlogo.php file had been hacked in the image folder. My host is of little help so far. Bill Cooke Quote Link to comment Share on other sites More sharing options...
Atechstl Posted April 22, 2011 Share Posted April 22, 2011 I installed a brand new version of Cubecart with no addons and it got hacked as well. A script got attached and turned the store into an Email Spamming Campaign. I wiped out the install and tried again and it happened again within a few days. Not sure what is going on but the company that paid me to set this up is not happy. Quote Link to comment Share on other sites More sharing options...
bsmither Posted April 22, 2011 Share Posted April 22, 2011 Did you find your evidence of access from the log files? Is this situation mentioned above the same environment that you described in the conversation about "failed to open tmp/session file - headers already sent" in which you said "I own the server. I am the host." Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.