Hacked by someone in Eastern Europe

 
  • rweiss
  • Junior Member
  • Members
  • Join Date: 01-Mar 07
  • 9 posts

Posted 22 August 2007 - 08:34 PM #1

My cart config.php file was hacked and it caused the viewer to be redirected to a message board in Eastern Europe.

Even though I deleted that config.php file and uploaded the one on my computer, I still get either redirected again, or I get error messages about connecting with the database.

I am looking over the security questions discussed on this forum, and frankly, they are not very helpful. One answer says read the security section of the forum....which is where the questioner was when asking the question in the first place!

I have spent 6 months getting this cart ready for the client to use, if it is now going to be subject to a hacker - I have wasted my time, and the client is losing money.

I think the cs-cart developers need to be a lot more helpful (as one contributor wrote) on how we can protect our carts. Security attacks seem to be more and more common lately, and we need to know how to stop them.

Rick

 
  • upixar
  • Junior Member
  • Members
  • Join Date: 05-Jun 07
  • 11 posts

Posted 22 August 2007 - 11:40 PM #2

Your config file seems to have permissions 777. Try to change permissions to 644.

 

Posted 23 August 2007 - 07:36 AM #3

I have spent 6 months getting this cart ready for the client to use, if it is now going to be subject to a hacker - I have wasted my time, and the client is losing money.

I think the cs-cart developers need to be a lot more helpful (as one contributor wrote) on how we can protect our carts. Security attacks seem to be more and more common lately, and we need to know how to stop them.

Rick


While these are unfortunate circumstances, any webmaster worth their salt would prefer to read into security-related articles. For this reason CS-Cart makes users aware of the necessity to change config.php files from CHMOD 666 to CHMOD 644 after installation. At no point should the file be CHMOD 777 or 775. Effectively, I'm certain that they've read your SQL database name and user/password and were able to 'hack' again. This means the database itself has been accessed.

I understand that this may be taken as offensive; however, it is the reality of running ANY E-Commerce store. On a darker note, can you be sure it was your cart that was hacked? Or was it the server itself?

Jesse-Lee
I've moved on from CS-Cart to WooC******** - If you need anything I can be of little help.

 
  • argentice
  • Senior Member
  • Members
  • Join Date: 11-May 07
  • 383 posts

Posted 23 August 2007 - 07:44 AM #4

FYI....

rwxrwxrwx chmod 777 filename
rwxrwxr-x chmod 775 filename
rwxr-xr-x chmod 755 filename
rw-rw-rw- chmod 666 filename
rw-rw-r-- chmod 664 filename
rw-r--r-- chmod 644 filename
Rob

 
  • rweiss
  • Junior Member
  • Members
  • Join Date: 01-Mar 07
  • 9 posts

Posted 23 August 2007 - 02:00 PM #5

One person suggests that my config.php is 777 and you all jump on the bandwagon saying what an idiot I am. When did anyone verify that this was the issue?

The config.php file was set at 644.

Now, can someone deal with the real issues here?

 
  • TonyK
  • Member
  • Members
  • Join Date: 03-Mar 06
  • 1686 posts

Posted 23 August 2007 - 02:17 PM #6

Do you have any other software running on the server? You're not giving us much info here.

And I didn't see anyone call you an idiot.
Pimpin' skins since v1.0

 
  • argentice
  • Senior Member
  • Members
  • Join Date: 11-May 07
  • 383 posts

Posted 23 August 2007 - 02:18 PM #7

Nobody called you an idiot. There was no bandwagon, just an offer of advice which was thrown back in my face.

I won't make that mistake twice. Good luck!
Rob

 
  • rweiss
  • Junior Member
  • Members
  • Join Date: 01-Mar 07
  • 9 posts

Posted 23 August 2007 - 02:51 PM #8

Idiot may have been a strong reaction - but the implication was that I had left the config.php at 777 - which any webmaster worth his/her salt would know better than that.

No one verified that this was the case - it was just assumed. That felt like an insult - and it didn't resolve anything.

My point has been that people in this forum ask for help and the answers are non-specific. One person asks about security, and he is told to read the security forum. That is the area he wrote the question in? He was obviously reading the security area.

The fact that the cart was hacked, and the config.php file was properly at 644, is an issue for me.

As to there being other causes on the server - that may be the case. But when I open the config.php file that was hacked, and it has the hacker's signature all over it, it says to me that this is where the problem existed.

How he hacked a properly configured file is beyond me - so I was looking for some help here.

I am re-installing the cart - so the evidence is now gone.

Hopefully we can get over the hurt feelings and get down to the business of making this cart secure and therefore usable.

I think this is the best cart on the market for the price, and I don't want to see it get a bad rep.

Rick

 
  • TonyK
  • Member
  • Members
  • Join Date: 03-Mar 06
  • 1686 posts

Posted 23 August 2007 - 03:28 PM #9

Do you have server logs from the date you saw the hack appear? That could tell you some things.
Pimpin' skins since v1.0

 
  • TonyK
  • Member
  • Members
  • Join Date: 03-Mar 06
  • 1686 posts

Posted 23 August 2007 - 03:31 PM #10

You also left off the cart version you're using.
Pimpin' skins since v1.0

 

Posted 23 August 2007 - 05:21 PM #11

Is this site on a shared server? How many other sites are on the server?

 

Posted 23 August 2007 - 10:04 PM #12

I personally don't intend to offer any more help on this subject; however, it would be more useful in the future to offer the following information:

store url (or prior)
hacking message(s) and link to the offender (don't 'hyperlink' it)
store version
php version
sql version

details of the hack itself
server logs and/or anomalies
shared server or dedicated?

And for the sake of the argument I personally would hope that all backups are stored offsite.
I've moved on from CS-Cart to WooC******** - If you need anything I can be of little help.

 

Posted 30 August 2007 - 11:18 AM #13

It is possible, if someone is on a shared hosting account such as Go Daddy for example or some other cheap hosting company, they can use what they call proxies, which is getting to your site by using a backdoor entrance. This could be what happened to you. I'm no expert in coding, just someone that has read a lot on forums.
Calvin

 
  • shazer7
  • Member
  • Members
  • Join Date: 28-Apr 06
  • 80 posts

Posted 01 September 2007 - 08:36 PM #14

Was the install.php file deleted after the install? Because this happened to me: I uploaded the cart on a test server and did not remove the install.php, and someone came in that way.
Current version: 1.3.5-sp1

 
  • UKAV
  • Junior Member
  • Banned
  • Join Date: 08-Jun 07
  • 19 posts

Posted 23 September 2007 - 01:47 PM #15

If you have ANY folders set to 777 then a hacker can run their own script from there and harvest/screw with pretty much anything they like. Mass hosts such as godaddy are really bad for this as their servers are set up as owner=nobody as default.
Put simply - if your host requires 777 for any reason - ie some function (images etc) will not work properly at 755, then you need a new host if you want security.
I have had a hacker persistently trying everything they can for weeks now to get into my cart - it's fun to watch but only if you're set up right so they can't get in ;)

If you want a recommendation for a good secure host just pm me


UKAV

 

Posted 19 December 2007 - 07:36 AM #16

I noticed looking through my files that the directories catalog, skins, var are all set to 777, the rest of the dirs are 755 and files in the root of the site are 644.

I should change these dirs to 755?
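
The checks raised across this thread (world-writable files and directories, config.php not at 644, a leftover install.php) can be run mechanically over a web root. The script below is an added example, not part of the original thread and not CS-Cart code; the function name `audit_webroot`, the finding labels and the 7-day default are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: permission and leftover-installer audit for a cart web root.
# audit_webroot, the finding labels and the 7-day default are illustrative
# names, not part of CS-Cart. Output: one "<FINDING> <path>" line per problem.

audit_webroot() {
    root=$1
    days=${2:-7}

    # o+w bit set (modes such as 777 or 666): any account on a shared host
    # can rewrite the file or drop a script into the directory. Symlinks are
    # skipped because their own mode is usually reported as 777.
    find "$root" \( -type f -o -type d \) -perm -0002 \
        -exec printf 'WORLD_WRITABLE %s\n' {} \;

    # config.php carries the database name, user and password; the mode the
    # thread gives for it after installation is 644, so anything else is flagged.
    find "$root" -type f -name config.php ! -perm 644 \
        -exec printf 'CONFIG_NOT_644 %s\n' {} \;

    # The installer should be gone once the store is set up.
    find "$root" -type f -name install.php \
        -exec printf 'INSTALLER_PRESENT %s\n' {} \;

    # PHP files changed in the last $days days: compare with your deploy date.
    find "$root" -type f -name '*.php' -mtime "-$days" \
        -exec printf 'MODIFIED_RECENTLY %s\n' {} \;
}

# Run against a directory when one is given on the command line,
# e.g.  sh audit.sh /path/to/store 14
if [ $# -gt 0 ]; then
    audit_webroot "$@"
fi
```

The findings show exposure, not how a file was changed; save the output alongside the server logs for the same dates before reinstalling anything.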