Post by kpoole » Mon Aug 03, 2009 9:06 am

Hi,
My site was recently hacked. I'm not a programmer, only a web designer, but I have the help of a programmer. Upon contacting my hosting company they told me the hackers had gone in and inserted iframes. My programmer has since cleaned up the files, so that Google could take the warning off my site; however, we are still unsure as to how the hackers got in in the first place, and it is probably just a matter of time before they attack again.
Can any of you provide a suggestion as to how this can be fixed so they aren't able to get in?
My site is such that it does not use the login/password for my customers - we removed that, so it isn't a question of putting these files into another folder outside of public_html.
Have any of you had this problem? Or know how to guard against any future hacks?
thank you,
kb.

Post by zeevy » Mon Aug 03, 2009 1:34 pm

It may have been affected while you were uploading the files via FTP,
or
the system from which you upload the files is infected with a virus.

If possible, use SFTP for file uploads to minimize the problem of files being altered while uploading.

gv

Post by gichuru » Mon Aug 03, 2009 4:58 pm

This is of great concern to me. Does anybody else know of a vulnerability in OpenCart? I hope we can work to secure this good software together.

Post by readyman » Mon Aug 03, 2009 6:47 pm

"My site is such that it does not use the login/password for my customers - we removed that, so it isn't a question of putting these files into another folder outside of public_html."
How did you 'remove' it... how do customers 'login' now? Can you PM me and I might be able to tell you if your site is open for attacks.

http://www.alreadymade.com
Follow me on twitter.com/alreadymade


Post by itrends » Mon Aug 03, 2009 8:46 pm

This is highly unlikely to be anything related to open cart.

This will be due to write permissions / a cpanel exploit or similar on the server.

The hackers look for common files that are writable to gain access to the host.

They then look about for any template files (not just open cart) where they can insert iframe code to inject stuff via the browser to other people's computers etc.

There is plenty on Google about this that may help. I would look about to see if anyone else has had issues on the particular host that you use.

Post by MikoElSuperbeasto » Tue Aug 04, 2009 12:31 am

Hi,

First, I'm French, so sorry! I got the same attack on all of my sites (I'm a web developer... I've got many sites online). If you want to remove this virus/attack, you will first need to scan your computer with anti-virus and anti-spyware/malware twice (I suggest doing it in "safe mode"). Once this step is done, you will need to search in all, and ALL, of your online files for the <iframe> attack and remove it. If you forget some files and the iframe is still in there, you will get the attack once again. After checking all the files, change your FTP account and password. As a last step, you will need to contact Google to scan your website to remove the warning.

Here is some useful info:

http://www.guardian.co.uk/technology/20 ... ity.google
http://arstechnica.com/security/news/20 ... o-kill.ars
http://www.softpanorama.org/Malware/Mal ... tack.shtml
http://www.spywareremove.com/removeMalIframe.html
http://www.iframehack.com/blog/


And good luck, I had a really big problem removing this virus from my computer and website... I hope you made a backup of your site beforehand. For more info, try searching "iframe attack" on Google.


**This attack is not coming from OpenCart, the hosting provider or anything else; it's something on your computer: virus, spyware/malware.
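
The "search ALL of your online files for the <iframe>" step from the post above, as an added example (not part of the thread and not OpenCart code). It walks a downloaded copy of the site and reports iframes that are hidden, one pixel in size, or point at a host outside an allowlist; the extension list, `ALLOWED_HOSTS`, the heuristics and the two sample files (including the `malware.example` host) are assumptions constructed for illustration.

```python
import os, re, tempfile, pathlib
from html.parser import HTMLParser
from urllib.parse import urlparse

SCAN_EXT = (".php", ".tpl", ".html", ".htm", ".js")
ALLOWED_HOSTS = {"www.google.com"}  # assumption: hosts this site frames on purpose
IFRAME_TAG = re.compile(r"<iframe\b[^>]*>", re.I)

class TagAttrs(HTMLParser):  # parses one tag and keeps its attributes as a dict
    attrs = {}
    def handle_starttag(self, tag, attrs):
        self.attrs = {k: (v or "") for k, v in attrs}

def reasons_for(tag_text):
    """Return the reasons an <iframe ...> tag looks injected (empty list = fine)."""
    parser = TagAttrs()
    parser.feed(tag_text.replace("\\", ""))  # undo \" escaping inside PHP/JS strings
    a, reasons = parser.attrs, []
    host = urlparse(a.get("src", "")).netloc.lower()
    if host and host not in ALLOWED_HOSTS:
        reasons.append("external host " + host)
    style = a.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        reasons.append("hidden by style")
    if a.get("width") in ("0", "1") or a.get("height") in ("0", "1"):
        reasons.append("0/1 pixel size")
    return reasons

def scan_tree(root):
    """Return sorted (relative path, line number, reasons) for suspicious iframes."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower().endswith(SCAN_EXT)):
            path = os.path.join(dirpath, name)
            text = pathlib.Path(path).read_text(encoding="utf-8", errors="replace")
            for m in IFRAME_TAG.finditer(text):
                why = reasons_for(m.group(0))
                if why:
                    findings.append((os.path.relpath(path, root), text.count("\n", 0, m.start()) + 1, why))
    return sorted(findings)

def demo():
    """Scan a constructed two-file site: one injected page, one legitimate frame."""
    bad = '<html>\n<body>shop</body></html>\n<iframe src="http://malware.example/in.php" width=1 height=1 style="visibility: hidden"></iframe>\n'
    ok = '<iframe src="http://www.google.com/chat" width="200" height="60"></iframe>\n'
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("index.php", bad), ("contact.tpl", ok)):
            pathlib.Path(root, name).write_text(body)
        return scan_tree(root)
```

Run `scan_tree()` against a local copy of the web root; a clean result only covers these heuristics, so compare flagged and unflagged files against a known-good backup as well.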


Post by Daniel » Tue Aug 04, 2009 5:10 am

This is not down to OpenCart; it's most likely down to you not having a strong enough password.

OpenCart®
Project Owner & Developer.


Post by readyman » Wed Aug 05, 2009 3:30 pm

What was changed by the hackers? I think you should analyze what was changed to see where the attack could have come from. Depending on the changes you should be able to point to how the changes could have been made.
If they were file based changes, then your computer probably inserted the code via malware or spyware.
If they were database changes, then your template designs or the customization you've done has opened a security hole in opencart to allow injection from the browser when using your site or maybe someone guessed your username and password.

If it's not a large file, please feel free to zip it up and email it to me and I'll run some hacking attempts on it to see if the code is open to attack.

http://www.alreadymade.com
Follow me on twitter.com/alreadymade


Post by Daniel » Wed Aug 05, 2009 5:46 pm

Most likely the hack was done through your hosting company.

I have had this done before through 2 web sites. It would take too long doing each site individually.

Once they get in, they upload a banking script and send out spam mail or add some code into your script.

Again, I don't think this hack will be done via OpenCart. Your hosting company will have an administration or billing section that would be easier to hack, with a list of usernames and passwords for all their sites.

You can check what IPs have had access to your admin by looking at your error logs.

OpenCart®
Project Owner & Developer.


Post by piseth » Thu Nov 12, 2009 2:05 pm

Hello,

I just upgraded my store from 133 to 134. I see my shop as normal, but in Admin there is a warning of a malware attack. Can you advise how to clear the warning?

Piseth

Piseth
Phnom Penh, Cambodia
http://www.cambodia365.com


Post by deeve » Thu Dec 03, 2009 8:20 am

I just noticed tonight that the Google Chat iframe on my client's site was missing & in IE8 it now shows an error in its place saying:
This content cannot be displayed in a frame.
To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame.
What you can try:
Open this content in a new window
It was working fine up until today - I also noticed the same error on Qphoria's site. Any ideas whether it's connected to what's been discussed in this thread or maybe a Google precaution as Chat is still a Beta project & don't imagine Q has the same webhost as my client?

Post by deeve » Thu Dec 03, 2009 8:53 am

Just found this info on subject:
http://blog.futtta.be/2009/12/02/google ... e-options/

and this about Google News module, which led me to it :
http://www.simplyraydeen.com/authors/12 ... he-problem
