Strange Checkout Error Check this if you want to pay with different payment method

[michael_s]

Ok, you need to do some housekeeping:

1. Make sure no other vulnerable scripts are running on the account. osCmax can be hacked using another script to do the dirty work.

2. Make sure you don't have any test copies of osCmax installed anywhere on the account even if you don't use them. If they are not patched, they also can be used to hack your live cart.

3. Search and clean the entire account for backdoors left behind. Typically a hack will also hide files so they can get back in after you have tried fixing.

The best course of action is to back up the existing file set, then wipe it clean from the server - deleting everything. Then upload a clean new copy of your site from an un-compromised backup, that you know for a fact is clean.


The main thing to remember here is that you missed something.

[surfmaster]

greetings, i came here on your forum searching for the same problem, and i have seen that an oscommerce of a client of mine was affacted by that hack. I replaced the checkout_payment.php files whit a genuine one and i setted the permission to that file to 444 as for the config.php files. Now i have used the Threat Monitor to chek if something else is wrong and it give me a lot of alert on permissions saying to set it to 644 but if i do so any page of the websites will be displayed (can u tell me at least whic files need necessary the 444?). Another thing is the Potential Threat scanner that find some files whit double extension, is that dangerous?
I deleted a files that was a known virus too, something like flops.php (i think that was something releated to the credit card hack)

can u pls help me to fix those stuffs?
thanks in advice

Paolo

edit: last things, can u tell me how to make the osc more secure? maybe a link to some procedure?
forgot to say that my oscommerce is v2.2 rc2
thanks

[ridexbuilder]

can u tell me how to make the osc more secure? maybe a link to some procedure?
forgot to say that my oscommerce is v2.2 rc2

You're posting this in the 'Max section! There IS an osCommerce section.
Read the osCMax wiki on improving security.

[ridexbuilder]

Threat scanner that find some files whit double extension, is that dangerous?

Depends, though no is the simple answer.
Do a Google search on Linux permissions, plus mod_security, plus suhosin to better understand why some (not all) should be set to 444

[surfmaster]

You're posting this in the 'Max section! There IS an osCommerce section.
Read the osCMax wiki on improving security.

ops sorry for postin in the wrong section, and thanks for your reply, btw i checked the double extension files, and are good files that i need for some smtp classes. I have renamed the admin folder and i have done some chenges at the application_top and login as sad in this topic Security issue with admin directory - osCommerce Community Support Forums ; now i need to set the permissions, i have tryed use the Check_permissions addon but i think that whit my version it isn't working, so anyone could be so kind to link me a list of the files that need to be 444 to prevent hacking, or do u wanna me to post in the other section?

thanks for the help