Page 1 of 1

My store was hacked?

Posted: Fri Aug 17, 2012 10:59 am
by ghostdog87
----------solved

Re: My store was hacked?

Posted: Fri Aug 17, 2012 11:41 am
by asphole
What was the issue as your statement about oc being insecure may leave some people concerned. I assume you actually traced the hack to OC and ruled out cpanel/ftp etc?

Re: My store was hacked?

Posted: Fri Aug 17, 2012 11:43 am
by ghostdog87
I contacted arvixe┬┤s support which is the hosting service im using, and they restored the site..
but i was freaking out because an iraqi terrorist image appeared with some weird text and the store was unacccessible for 15 min.
I didnt get much detail about what they did at arvixe to solve it but the restored everyting as it was before, and now the site is working fine

Re: My store was hacked?

Posted: Fri Aug 17, 2012 11:53 am
by asphole
I'd look into that further as its possible that whatever exploit they used has already left backdoors. I had a zencart site hacked a couple of years back and you wouldnt believe how many re-entry points were left. As the hackers hacked in and waited a week or so before doing anything my hosts wekkly backup had all the exploits nicely backed up for them!! I had to go through thousands of files looking for hacker added code and had to rebuild the server to get it clean. I would ask Arvixe how entry was made and ask then to scan the server!

Re: My store was hacked?

Posted: Fri Aug 17, 2012 12:01 pm
by ghostdog87
Can you offer that service for my website? I dont have any programming skills
I need to make it as secure as it can possibly be
Thanks

Re: My store was hacked?

Posted: Sat Aug 18, 2012 10:04 pm
by asphole
Hi ghostdog87,

Unfortunately I just don't have the time I'm afraid as my workload at the moment is crazy stupid! Things you can do for yourself howerver:

Are you on a vps or shared server? If VPS ask your host tor ebuild the server and add as much security as possible. Anti-Virus, Firewall etc. You wouldn't believe how many hosts simply set up VPS with absolutely no security. Also ask to have as many notifications as possible with regard to malicious scripts and logins. My vps is set to email me if anyone logs in. I also get email alerts showing which files are capable of sending email. (Usually a hacker will modify login pages to email themselves whenever an admin changes his password!)

If its shared hosting ask them to confirm in writing that the account is virus/malware/hack free. (Most dont want to put it in writing before ensuring it is!)

With regard to your files. One way is to simply ftp into your site and navigate through each folder looking for files that have been recently modifield. (sort by 'date modified' in ftp software) If you see a file that has recently been changed and you know you didnt do it, download it, open it and look for hacker code. Usually it will be email scripts or heavily encrypted code) To be safe just upload a good clean copy of the file.

If you dont get anywhere with your host let me know and I'll recommend a very good company with excellent support. I'll also let you know which av/scanning software I have installed) I'm just off out but should be online again at some point tonight.

Good luck.

PS:Alternatively I know there are also a couple of very experienced oc users/developers with far more server security expertise than me that may take this on for you so maybe consider posting a request for help in a different sub forum? (I had to learn the hard way!! ie: when a host says your VPS will be secured and have all the latest security on place dont frickin believe them!!) ( over 9 years on shared hosting and no problem, 3 days on a VPS and bam!!)

Re: My store was hacked?

Posted: Sun Aug 19, 2012 12:12 pm
by ghostdog87
Ok! Thanks for the info

Excuse me, do you know whats this

Theres a txt file called robots in public html root, with this text inside

#Begin Attracta SEO Tools Sitemap. Do not remove
sitemap: http://cdn.attracta.com/sitemap/2487390.xml.gz
#End Attracta SEO Tools Sitemap. Do not remove