Jump to content

Site Just got Hacked


Dodgebill

Recommended Posts

I just wanted to post info on this attack. My homepage got hacked in the past two hours. They posted about 2000 lines of code in the en/home.inc.php table in my database. That's the welcome message. It was not a virus, just a snoop collecting data. There is no sign of who did it. The logs show nothing. I am conacting my host now to see if here is anything else I haven't found yet or any trace of how they got in. Passwords and user are getting changed too. I ahve the latest version of CC4 and I'm on Hostgater and have all security possible enabled. This was not an FTP or cPanel crack. They would show a trace of someone being in there. This was clean, more like an exploit or something.

Just wanted to see if anyone else had gotten hit like this? I'll post the host info when I get it

Lets hope it was just a freak thing, right?

Bill Cooke

Link to comment
Share on other sites

"...in the en/home.inc.php table in my database. That's the welcome message."

A database table? I see an actual file "/language/en/home.inc.php". Could you explain how a database table is involved?

They overwrote the entry in the database. The file you are talking about is the default file. Once you change the Home Page Welcome Message it is stored in the database under CutebCart_lang

I also found the getlogo.php file had been hacked in the image folder.

My host is of little help so far.

Bill Cooke

Link to comment
Share on other sites

I installed a brand new version of Cubecart with no addons and it got hacked as well. A script got attached and turned the store into an Email Spamming Campaign. I wiped out the install and tried again and it happened again within a few days. Not sure what is going on but the company that paid me to set this up is not happy.

Link to comment
Share on other sites

Did you find your evidence of access from the log files? Is this situation mentioned above the same environment that you described in the conversation about "failed to open tmp/session file - headers already sent" in which you said "I own the server. I am the host."

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...