|

Hacked by someone in Eastern Europe
Posted 22 August 2007 - 08:34 PM #1
Even though I deleted that config.php file and uploaded the one on my computer, I still get either redirected again, or I get error messages about connecting with the database.
I am looking over the security questions discussed on this forum, and frankly, they are not very helpful. One answer says read the security section of the forum....which is where the questioner was when asking the question in the first place!
I have spent 6 months getting this cart ready for the client to use, if it is now going to be subject to a hacker - I have wasted my time, and the client is losing money.
I think the cs-cart developers need to be a lot more helpful (as one contributor wrote) on how we can protect our carts. Security attacks seem to be more and more common lately, and we need to know how to stop them.
Rick
Posted 22 August 2007 - 11:40 PM #2
Posted 23 August 2007 - 07:36 AM #3
I have spent 6 months getting this cart ready for the client to use, if it is now going to be subject to a hacker - I have wasted my time, and the client is losing money.
I think the cs-cart developers need to be a lot more helpful (as one contributor wrote) on how we can protect our carts. Security attacks seem to be more and more common lately, and we need to know how to stop them.
Rick
While it is unfortunate circumstances, any webmaster worth their salt would prefer to read into security related articles. For this reason CS-Cart makes users aware of the necessity to change config.php files from CHMOD 666 to CHMOD 644 after installation. At no point should the file be CHMOD 777 or 775. Effectively I'm Certain that they've read your SQL database name and user/password and were able to 'hack' again. This means the database itself has been accessed.
I understand that this may be taken as offensive however it is the reality of running ANY E-Commerce store. On a darker note, can you be sure it was your cart that was hacked? or was it the server itself?
Jesse-Lee
Posted 23 August 2007 - 07:44 AM #4
rwxrwxrwx chmod 777 filename
rwxrwxr-x chmod 775 filename
rwxr-xr-x chmod 755 filename
rw-rw-rw- chmod 666 filename
rw-rw-r-- chmod 664 filename
rw-r--r-- chmod 644 filename
Posted 23 August 2007 - 02:00 PM #5
The config.php file was set at 644
Now, can someone deal with the real issues here?
Posted 23 August 2007 - 02:17 PM #6
and I didnt see anyone call you an idiot.
Posted 23 August 2007 - 02:18 PM #7
I wont make that mistake twice. Good luck!
Posted 23 August 2007 - 02:51 PM #8
No one verified that this was the case- it was just assumed. That felt like an insult - and it didn't resolve anything.
My point has been that people in this forum ask for help and the answers are non-specific. One person asks about security, and he is told to read the security forum. That is the area he wrote the question in? He was obviously reading the security area.
The fact that the cart was hacked, and the config.php file was properly at 644, is an issue for me.
As to there being other causes on the server - that may be the case. But when I open the config.php file that was hacked, and it has the hackers signature all over it says to me that this is where the problem existed.
How he hacked a properly configured file is beyond me - so I was looking for some help here.
I am re-installing the cart - so the evidence is now gone.
Hopefully we can get over the hurt feelings and get down to the business of making this cart secure and therefore usable.
I think this is the best cart on the market for the price, and I don't want to see it get a bad rep.
Rick
Posted 23 August 2007 - 03:28 PM #9
Posted 23 August 2007 - 03:31 PM #10
Posted 23 August 2007 - 05:21 PM #11
Posted 23 August 2007 - 10:04 PM #12
store url (or prior)
hacking message(s) and link to the offender (don't 'hyperlink' it)
store version
php version
sql version
details of the hack itself
serverlogs and/or anomolies
shared server or dedicated?
And for the sake of the argument I personally would hope that all backups are stored offsite.
Posted 30 August 2007 - 11:18 AM #13
Small Engine Parts and supplies
Need Parts for Chainsaws ETC? We have them Obsolete Parts For Homelite McCulloch Echo Poulan
Posted 01 September 2007 - 08:36 PM #14
Posted 23 September 2007 - 01:47 PM #15
Put simply - if your host requires 777 for any reason - ie some function (images etc) will not work properly at 755, then you need a new host if you want security.
I have had a hacker persistantly trying everything they can for weeks now to get into my cart - it's fun to watch but only if your set up right so they can't get in

If you want a recommendation for a good secure host just pm me
UKAV
Posted 19 December 2007 - 07:36 AM #16
I should change these dirs to 755 ?