Help urgently needed. Website is being hacked!

**mrGinger** · 03-06-2011, 11:39 PM

Hi,

I have to admit to knowing virtually nothing about osCmax, I am in a bit of a fix and I need some advice from anyone kind enough to offer it.

A very good client of mine recently asked me to host and look after a website for them, being a very good client I didn't feel that I could refuse. A month or so after adding this site to my dedicated server I realised all is not quite right.

It appears that someone is abusing a vulnerability in the site and they are managing to add some code to the top of the main index.php file of the site whenever they wish.

I am not 100% sure which version of osCmax the site is running but I have found the following code in the includes/application_top.php so I assume that it is version 2.0?

// define the project version
define('PROJECT_VERSION', 'osCMax v2.0');

I have had a really good look around the oscmax.com site and the forum but I can't find a security section or any advice about where I can find a security patch and how I can apply it to the site. Can anyone help?

This site is getting hacked pretty much on a daily basis at the moment and any advice on how I can stop this would be very much appreciated.

Yours hopefully.
mrGinger.

**ridexbuilder** · 03-07-2011, 01:04 AM

That is an 'ancient' version and shouldn't be used!
http://wiki.oscdox.com/setting_up_security

**mrGinger** · 03-07-2011, 02:46 AM

Thanks ridexbuilder,

I really appreciate your help.

I have taken care of the immediate issues that I can by following the information in your link but I assume that the best solution is going to be to upgrade to the latest installation. I don't relish the thought of doing this as I am pretty unfamiliar with osCmax and I also don't know if any of the core files were modified during the site build.

Do you know if I am able to upgrade from my current installation up to the latest in one go? or will in need to carry out each upgrade in succession?

If you know of an upgrade guide that would be very helpful.

Thanks again,
Ade.

**ridexbuilder** · 03-07-2011, 02:54 AM

What is the best way to duplicate this site with latest stable oscmax

osCMax v2.0.25 Released

http://wiki.oscdox.com/upgrades

**mrGinger** · 03-07-2011, 02:58 AM

Perfect.

Thanks for all your help.

**pgmarshall** · 03-07-2011, 03:14 AM

Do you have an URL for the site? We might be able to see if there are any obvious mods to the core code ...

To "upgrade" you will need to go through each version (guide is each package) ... but you may find it easier to install a fresh copy of v2.0.25 or you could try v2.5 Beta 3 and migrate the data using phpMyAdmin ... this would allow you to test and break things without effecting the live store. v2.5 is not a stable release yet but it is not far off ...

If you have followed the wiki guide, removed all the malicious code and checked through the folders for stuff that they hide to let themselves in with again - you should be secure. Hopefully the site uses a third party payment provider so there are no credit card details in the dbase.

Regards,