New Hack?

**kerryanne** · 07-28-2010, 12:15 AM

I have had 2 clients in the last couple of days whose main page has been deleted.

One client edited their page before I could see what was put in its place, the other clients had code I did not understand but looked to be cookie grabber type code.

Is this a new hack going around?

**pgmarshall** · 07-28-2010, 12:50 AM

Post the code that was put up on their site so we can take a look.

Have you done the usual security proceedures ... renamed admin, .htaccess, permissions, etc. ?

Are they running any other php software on the server?

Which version of osCmax are you running?

Regards,

**kerryanne** · 07-28-2010, 01:02 AM

I dont have a copy of the code but it was similar to if f[open] and the word cookies alot.

Yes all security measures have been taken on both sites bar the renaming of the admin folder which has now been done.

There is no other php software on 1 clients server, the other uses phplist

The version is 2.0 and I am currently trying to find out where and how to upgrade to the latest version.

Do you know if I can just follow these instructions? http://wiki.oscdox.com/upgrades

**pgmarshall** · 07-28-2010, 01:06 AM

If you are running 2.0 RC4 or anything below 2.0.4 ... you need to get rid of the filemanager and define languages files as these are known security holes ...

The fix is easy - just delete the files ...

Regards,

**kerryanne** · 07-28-2010, 01:11 AM

Those have been removed already

**pgmarshall** · 07-28-2010, 01:50 AM

Good!

I have not heard of any new security issues on any of the osCommerce forks ...

Without more info on the code inserted we are not going to get much further ... so you will just have to check your sites for new files ... change your passwords ... etc.

What do to when you have been hacked.

Regards,