Index files hacked

 
  • flasher
  • Senior Member
  • Members
  • Join Date: 26-Sep 05
  • 335 posts

Posted 22 June 2009 - 12:25 AM #1

1.3.4, and this time it looks like an automated iframe hack. Every index file in every folder was an iframe message. I did have backups, but it happened at 4 am, and by the time I fixed it by noon Google had already picked up the iframe instead of the description and possibly knocked me down a little.

 
  • Noman
  • Senior Member
  • Members
  • Join Date: 29-Oct 07
  • 526 posts

Posted 22 June 2009 - 12:29 AM #2

We are on 1.3.5 SP4 these days. Check your server first, then logs, then upgrade your CS. Give us some more info about what happened before blaming it on CS.

 
  • flasher
  • Senior Member
  • Members
  • Join Date: 26-Sep 05
  • 335 posts

Posted 22 June 2009 - 12:33 AM #3

I do not think it was CS and it may be a random thing. I am trying to get the iframe message again to post, but it is a wake-up call for me and keeps me on my toes with backups and rankings; it could be that as you climb the ladder up, someone takes you back down in rankings.
The only thing is I really like 1.3.4. I have tested the newer versions and they are OK, but 1.3.4 is fast and, for our customers, very easy to navigate.

 

Posted 22 June 2009 - 12:52 AM #4

http://www.lunarforu...o-t52551.0.html
I've moved on from CS-Cart to WooC******** - If you need anything I can be of little help.

 
  • S-Combs
  • Senior Member
  • Members
  • Join Date: 09-Nov 06
  • 692 posts

Posted 22 June 2009 - 01:22 AM #5

That was most likely caused by malware or a worm located on your computer or someone else's who has recently accessed your server.

There are many variations of that exploit and some of the older versions did infect the entire server from a single account via a weakness in security so you should advise your host so they may scan other accounts.

The most recent variations are as Jesse linked to above and are caused by simply logging into your FTP account or control panel using an infected machine.

It is very important that you change your access information ASAP because others may now also have this information. You should also completely replace any existing files on your account with a backup if possible, because other exploits may have been added to your files if someone did in fact obtain your login info.

Good luck
Secure Cart Hosting
[CS-Cart Optimized Solutions and Server Management]
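
One way to check a site after the kind of incident described above, comparing every index file byte for byte with a known-good backup and flagging hidden or off-site iframes. This is an added example, not code from any poster or from CS-Cart; the directory layout, the host names `shop.example` and `injected.example`, and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
# Heuristics for an invisible frame: 0/1-pixel size or CSS hiding.
HIDDEN_RE = re.compile(r"""(?:width|height)\s*=\s*["']?[01]\b|display\s*:\s*none"""
                       r"""|visibility\s*:\s*hidden""", re.IGNORECASE)
SRC_HOST_RE = re.compile(r"""src\s*=\s*["']?(?:https?:)?//([^/"'\s>]+)""", re.IGNORECASE)

def suspicious_iframes(html, own_hosts):
    """Return iframe tags that are hidden or load from a host not in own_hosts."""
    hits = []
    for tag in IFRAME_RE.findall(html):
        host = SRC_HOST_RE.search(tag)
        off_site = bool(host) and host.group(1).lower() not in own_hosts
        if HIDDEN_RE.search(tag) or off_site:
            hits.append(tag)
    return hits

def audit(webroot, backup, own_hosts):
    """Check every index.* file under webroot against the known-good backup tree."""
    findings = {}
    for live in sorted(p for p in Path(webroot).rglob("index.*") if p.is_file()):
        rel = live.relative_to(webroot)
        ref = Path(backup) / rel
        reasons = []
        if not ref.is_file():
            reasons.append("not in backup")
        elif ref.read_bytes() != live.read_bytes():
            reasons.append("differs from backup")
        tags = suspicious_iframes(live.read_text(errors="replace"), own_hosts)
        if tags:
            reasons.append(f"{len(tags)} suspicious iframe(s)")
        if reasons:
            findings[rel.as_posix()] = reasons
    return findings

def demo():
    clean = "<html><body>Store</body></html>"  # constructed sample content
    bad = clean + '<iframe src="http://injected.example/x" width="1" height="1"></iframe>'
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        for root in (live, backup):
            (root / "skins").mkdir(parents=True)
            (root / "index.php").write_text(clean)
            (root / "skins" / "index.html").write_text(clean)
        (live / "skins" / "index.html").write_text(bad)
        return audit(live, backup, {"shop.example"})
```

Files that differ from the backup without containing an iframe still deserve a look, since the posts above note that other changes may have been made with the same stolen login.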

 
  • joe
  • Senior Member
  • Members
  • Join Date: 06-Jan 09
  • 824 posts

Posted 22 June 2009 - 01:52 AM #6

That was most likely caused by malware or a worm located on your computer or someone else's who has recently accessed your server.

There are many variations of that exploit and some of the older versions did infect the entire server from a single account via a weakness in security so you should advise your host so they may scan other accounts.

The most recent variations are as Jesse linked to above and are caused by simply logging into your FTP account or control panel using an infected machine.

It is very important that you change your access information ASAP because others may now also have this information. You should also completely replace any existing files on your account with a backup if possible, because other exploits may have been added to your files if someone did in fact obtain your login info.

Good luck

Hi Scott, congratulations on your new website design!!!

I love your favicon...
PM me for custom project

 
  • flasher
  • Senior Member
  • Members
  • Join Date: 26-Sep 05
  • 335 posts

Posted 22 June 2009 - 02:32 AM #7

Yes, I had my host replace the entire contents and changed passwords for sure, but what freaked me out is Google. I was testing searches, and everywhere our site was listed there is a description and/or keywords, but within hours under our site was the iframe and no description. So Google grabs info quickly, and hopefully keeps us up and does not knock us down because of this.

 

Posted 22 June 2009 - 02:59 AM #8

Yes, I had my host replace the entire contents and changed passwords for sure, but what freaked me out is Google. I was testing searches, and everywhere our site was listed there is a description and/or keywords, but within hours under our site was the iframe and no description. So Google grabs info quickly, and hopefully keeps us up and does not knock us down because of this.


You'll most likely get hit with customers receiving a malware warning.
Either way it's bad for business. Any occurrence of the iframe and I'd suggest blocking access to your entire site until you have changed passwords, database users and passwords, cleaned out malware references etc.

http://www.seochat.c...or-Big-Brother/
I've moved on from CS-Cart to WooC******** - If you need anything I can be of little help.

 
  • flasher
  • Senior Member
  • Members
  • Join Date: 26-Sep 05
  • 335 posts

Posted 24 June 2009 - 12:21 AM #9

I just changed passwords and did a complete restore from the day before, and I did look at my other sites on the same server and they never got hit, just my cart. This is just a great reminder to back up daily or every other day, but now I back up daily and FTP a copy of the zip file to a local hard drive, then if anything happens move a copy of the files over and restore.

 

Posted 24 June 2009 - 12:27 AM #10

I just changed passwords and did a complete restore from the day before, and I did look at my other sites on the same server and they never got hit, just my cart. This is just a great reminder to back up daily or every other day, but now I back up daily and FTP a copy of the zip file to a local hard drive, then if anything happens move a copy of the files over and restore.


refrains another opportunity for you to move to CyberLNC:p

I've moved on from CS-Cart to WooC******** - If you need anything I can be of little help.