site Hacked, questions

**Jokim** · 03-12-2010, 04:29 PM

I am helping someone with their site which has been hacked a few weeks ago. The hacker added a whole paragraph of stuff on top of every page. The first thing I want to do is get rid of this. But I could not seem to find which files has been modified.

At first I thought it might be main_page.tpl.php but that doesn't seem to be it. Whatever has been added seems to be before main_page.tpl.php. But I am not familiar with OSCmax so I am not sure where to start. I know this is only 1 of the problems, but this is my starting point. Any suggestions would be appreciated.

**ridexbuilder** · 03-13-2010, 07:38 AM

If really osCMax 1.7, your best course of action is to install a 'fresh' copy of 'Max 2.0.15 and import the relevant tables of the existing database. Then look to do any required customisation to match the 'old' store.

**malcol27** · 07-26-2010, 10:01 AM

Im not sure simply installing to a fresch copy is the best action. If you do not have all of the correct permissions, etc. set on your site as well as a secure admin your friend may encounter the same problems. In addition if the account is hosted with Cpanel and a standard FTP (as most are) these may be the point of entry. In other words, I would not assume the attacker got into the site via an OscMax vulnerability.

I think if you check the header and footer coding and the includes you might be able to locate the source. a .js file (java) can also include the rogue code that is creating your headache. Unfortunately there are too many ways to create problems like the one you describe to be able to give you an easy answer about exactly where to look.

**ridexbuilder** · 07-26-2010, 10:11 AM

Good grief - You dredged this one up from the past!
Should be long gone by now

Correct to assume that it may not just be osCMax, of course and a wiki has long since been written to assist people with security aspects, relating to running 'Max (and others).
Still stand by, shouldn't be running osCMax 1.7 and in the intervening months there has been quite a few upgrades too!

**malcol27** · 07-26-2010, 08:52 PM

You are right, this is old! I failed to check the date. Hopefully it will still have some use, but I think I better not check the forum until after that 2nd cup of coffee.