Hacking Attack - Store Down

Hello friends.



We have had some problems these last few weeks on our website.



We do not know why, but someone gets in and modifies the headers of the files by putting in the following:



```php
```
I tried to change the chmod permissions to 644, but that did not work either.



Has anyone had this problem?



We use CS-Cart 1.3.5 SP4.



Thanks for your help.

Your website has been hacked, most likely your server:

```php

```

So… what can I do?



Help please…

Contact your web host and tell them to fix it.

I suppose it is only fitting that my first post other than “private messages” around here be one to address a security question.



To all those many of you who invited me here, thanks for the invitation.




To Peniel:



Yes, your site has been hacked, though the compromise may have occurred through any of several different avenues, including (in random order):



1. Exploit of your script software on your site



2. Cross site attack from another account on the same server



3. Vulnerability of the server machine (and that is a long list in itself)



4. Compromise of your password from brute force or other means



5. A trojan virus on your own computer at home (new attack form)



What you posted looks very much like thousands I’ve seen from #5 above, where a virus on your own computer injects new headers into files you upload, sometimes uploads to your account on its own, and also reports your captured passwords to a fairly sophisticated hacker group operating out of China under Russian or European masqueraded identities. However, I have also seen these from cross-site injection from vulnerable sites hosted on the same server as the victim, and that is also fairly common.



I would not be able to tell you much more without directly examining your site files and activity logs. If you own the server, you are in a much better position. If you are hosted with a shared web host somewhere, I should talk to your host immediately as they may not know how to adequately deal with the issue which may leave your own account and others more vulnerable.



One thing I would definitely do right now is go ahead and scan your computer thoroughly with a good antivirus program and trojan scanners to be safe and make sure you have at least that end covered.



I will talk to you more privately.



–Spiral

You might also want to look into an IDS (intrusion detection system). If you are taking credit cards you need to be PCI compliant and an IDS is required. An IDS can sometimes prevent some attacks from happening.
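A minimal file-integrity check along the lines of the IDS suggested here, written as an added example (it is not the forum's or CS-Cart's code): it baselines the hashes of a web root and, on later runs, singles out files whose original bytes are still intact below new leading bytes, which is the "modified header" symptom Peniel describes. The file names, the snapshot format and the injected comment in demo() are constructed for the example.

```python
"""Minimal file-integrity check for a web root: a host-based IDS in miniature.
Assumed use: run baseline() once on a known-clean tree, keep the snapshot off the
server, and run check() on a schedule or after a suspected incident."""
import hashlib
import tempfile
from pathlib import Path

def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def baseline(root: str, patterns=("*.php", ".htaccess")) -> dict:
    """Record sha256 and size of every matching file under root, keyed by relative path."""
    rootp = Path(root)
    snap = {}
    for pat in patterns:
        for f in rootp.rglob(pat):
            if f.is_file():
                data = f.read_bytes()
                snap[str(f.relative_to(rootp))] = {"sha256": _sha256(data), "size": len(data)}
    return snap

def check(root: str, snap: dict, patterns=("*.php", ".htaccess")) -> dict:
    """Compare the tree with a baseline and classify every difference."""
    current = baseline(root, patterns)
    report = {"prepended": [], "modified": [], "added": [], "missing": []}
    for rel, old in snap.items():
        new = current.get(rel)
        if new is None:
            report["missing"].append(rel)
        elif new["sha256"] != old["sha256"]:
            data = (Path(root) / rel).read_bytes()
            # If the original bytes survive unchanged at the end of the file, only new
            # leading bytes were added: the "modified header" symptom from the thread.
            cut = len(data) - old["size"]
            if cut > 0 and _sha256(data[cut:]) == old["sha256"]:
                report["prepended"].append((rel, data[:cut]))
            else:
                report["modified"].append(rel)
    report["added"] = sorted(set(current) - set(snap))
    return report

def demo() -> dict:
    """Constructed scenario: baseline two files, then simulate three kinds of change."""
    tmp = Path(tempfile.mkdtemp())
    (tmp / "index.php").write_bytes(b"<?php\necho 'shop';\n")
    (tmp / "config.php").write_bytes(b"<?php\n$db = 'x';\n")
    snap = baseline(str(tmp))
    injected = b"<?php /* injected header (constructed) */ ?>"  # constructed, not a real payload
    (tmp / "index.php").write_bytes(injected + (tmp / "index.php").read_bytes())
    (tmp / "config.php").write_bytes(b"<?php\n$db = 'y';\n")  # edited in place, same size
    (tmp / "new.php").write_bytes(b"<?php\n")  # file that was not in the baseline
    return check(str(tmp), snap)
```

A prepended file is reported together with the exact leading bytes that were added, so the injected header can be reviewed without opening every changed file; a file integrity tool of this kind only detects, it does not stop the upload or the underlying compromise.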

> jmottle wrote: You might also want to look into an IDS (intrusion detection system). If you are taking credit cards you need to be PCI compliant and an IDS is required. An IDS can sometimes prevent some attacks from happening.

I would agree with jmottle’s statement, up to a certain point, about getting an IDS, which is one of about 10,000 things that you should do for security, but that is indeed at least one small step in the right direction.



Regarding PCI Compliance, I strongly recommend everyone NOT just stop there :cool:



Part of my job involves many companies often hiring me to hack their own web servers and steal customer data and so forth and so on.



Perfectly “PCI” compliant servers take me — oh — 10 seconds. :cool:



The very few hackers out there actually at or near my skill level probably wouldn’t be much interested in you unless you were a very large international iconic company so you don’t need to go into a panic.



The point I am making is that none of you out there should have a false sense of security or let your guard down because you got that “PCI” seal of approval. You need to go much further above and beyond that!



Consider “PCI” as just a “minimal starting point” guideline which is really what it is. :wink:

Spiral,



What are some of the things you would recommend to help us be more secure on our websites?



Thanks,



Adam