
Time Out! Forcing people to log in!

This is a discussion on Time Out! Forcing people to log in! within the osCommerce 2.2 Discussion forums, part of the osCommerce 2.2 Forums category.

      
  1. #1
    New Member
    Join Date
    Jan 2010
    Posts
    11
    Rep Power
    0


    Time Out! Forcing people to log in!

    Hi Guys!

    My website has been working fine for ages, suddenly people started seeing what was in other people's baskets, and other people's details!
    At this point I only had Prevent Spider Sessions set to True under Configuration > Sessions. Everything else was false.

    The following settings now apply:
    Check SSL Session ID > true
    Check User Agent > true
    Check IP Address > true
    Prevent Spider Sessions > true
    Recreate Session > true

    BUT even though people can't see other people's details now, if you are looking at a product for 10 seconds or more it takes you to the log in page, or if you are logged in, logs you out and takes you to the log in page!

    Please help! Thanks Michelle x

  2. #2
    osCMax Developer

    michael_s's Avatar
    Join Date
    Jul 2002
    Location
    Phoenix, AZ
    Posts
    19,501
    Rep Power
    567


    Re: Time Out! Forcing people to log in!

    Sounds like you have some serious problems. You may want to check to see that your site was not hacked. If you are using an older version of osCommerce, it is very likely that your site has been hacked.

    See this for security best practices:
    http://wiki.oscdox.com/setting_up_security
    Michael Sasek
    osCMax Developer



  3. #3
    New Member
    Join Date
    Jan 2010
    Posts
    11
    Rep Power
    0


    Re: Time Out! Forcing people to log in!

    OK, thanks for your reply. Will look over this link.

    Can I upgrade to a recent version of OSCMAX?
    Is this a complicated process as I don't want to lose what I've done to my site, as far as extra add-ons etc I haven't added any as I'm not that experienced with advanced coding, it's mainly design changes, and layout changes, as I'm a graphic designer!

    If I upgraded would this solve some of the security issues?

    thanks

    Michelle

  4. #4
    osCMax Development Team
    pgmarshall's Avatar
    Join Date
    Feb 2009
    Location
    London
    Posts
    2,428
    Rep Power
    48


    Re: Time Out! Forcing people to log in!

    Which version are you running at the moment?

    The templating system should allow you to move all of your work fairly painlessly to the new version (assuming you haven't done many coding changes).

    Do you have a URL for your site ...

    Regards,
    pgmarshall
    _______________________________

  5. #5
    New Member
    Join Date
    Jan 2010
    Posts
    11
    Rep Power
    0


    Re: Time Out! Forcing people to log in!

    Hi,
    Thanks for your post, it's Birdy's Boutique

    I'm not sure why all these problems started occurring!

    any help would be great, thanks

    Michelle

  6. #6
    osCMax Development Team
    pgmarshall's Avatar
    Join Date
    Feb 2009
    Location
    London
    Posts
    2,428
    Rep Power
    48


    Re: Time Out! Forcing people to log in!

    Quote: "My website has been working fine for ages, suddenly people started seeing what was in other people's baskets, and other people's details!"
    This sort of behaviour tends to mean that you may have been hacked! Don't panic! I am sure that we will be able to get you back to normal if you have ...

    Have you checked your files to see if anyone has edited any of them recently (i.e. not you!)?

    Have you changed your password recently? I mean all of them ... FTP, Admin, Web Provider, etc.

    Regards,
    pgmarshall
    _______________________________

  7. #7
    New Member
    Join Date
    Jan 2010
    Posts
    11
    Rep Power
    0


    Re: Time Out! Forcing people to log in!

    That's a relief... I was starting to panic!

    Well I'm not sure which files to check, I'm not brilliant at coding, I'm not sure I'd know what I was looking for? Or if they were wrong?

    I haven't changed my password recently either. Should I?

    Up until the last few weeks, I've been really promoting the site, so it's only recently I've had a lot of people going on and registering/buying.

    Thanks

    Michelle

  8. #8
    osCMax Development Team
    pgmarshall's Avatar
    Join Date
    Feb 2009
    Location
    London
    Posts
    2,428
    Rep Power
    48


    Re: Time Out! Forcing people to log in!

    You need to make sure that you change your password frequently! And you need to make sure they are difficult ones too ... I don't want to hear that your password is Birdy1 or anything like that! Letters and numbers ...

    Now, it is not worth changing all these passwords if someone already has access to your site so you will need to have a look and see if any of your files have been changed recently. Use an FTP program to look through the latest save dates or ask your host to have a look for you.

    You also need to move your admin folder as this is a common way for people to find the files they need to hack your site. The Wiki page I wrote should guide you through this.

    Otherwise, if this all sounds too awful to comprehend - it might be worth messaging RidexBuilder on this forum who I know does work for people who are less technically minded (based in Scotland).

    It may well be that your site is fine but anyone who says "things started happening on their own" invariably ends up finding that hackers have been at play.

    Edit: Also you are posting in the osCommerce forum not the osCMax forum ... I am sure a nice moderator will move this post for you ...

    Regards,
    Last edited by pgmarshall; 02-02-2010 at 12:27 PM.
    pgmarshall
    _______________________________

  9. #9
    New Member
    Join Date
    Jan 2010
    Posts
    11
    Rep Power
    0


    Re: Time Out! Forcing people to log in!

    Hello, I found out the problem... I have been hacked with this:

    eval(base64_decode("JGs9MTI0OyRtPWV etc etc lots of letters and numbers...

    I feel violated! Some people have said to remove this from the php files.

    I don't feel confident enough to delete all my files and reload and I don't think my backup is very recent! ): I have the time to go through the files, but is just deleting this string enough?

    thanks!
    Michelle

  10. #10
    osCMax Development Team
    pgmarshall's Avatar
    Join Date
    Feb 2009
    Location
    London
    Posts
    2,428
    Rep Power
    48


    Re: Time Out! Forcing people to log in!

    Okay ... at least you now know what the problem is. base64 is a common hack ... there is more info on the Wiki here.

    First things first ...

    You need to remove all this extra code from your store ... it can get into every file ... so do you have a backup of your site from before this started?

    You are currently running version 2.0RC3 (I think!) which is quite old and there have been a number of security fixes since this happened.

    Have you changed much of your store coding or is it nearly all graphical changes to the templates? If so, it may be best to take this opportunity to upgrade your store to the latest version rather than patch the security holes.

    Check your PC for keyloggers or trojans using some anti-spyware software ... details in the Wiki.

    Once you have removed the code you need to change ALL your passwords and I mean ALL of them ...

    Then you should be back on the straight and narrow ... but you will need to apply the security updates ... hence my comments about upgrading to osCMax 2.0.4 ... Otherwise, they will be straight back in ...

    Looking at your site you appear to be using PayPal? Are they doing the payment processing for you? I.e. you don't collect credit card numbers ... If so, your customers' bank stuff should be safe ...

    Overall, you need to remember you are not alone, almost every eCommerce store on the web, irrespective of the platform gets hacked. Too many people out there with nothing better to do!

    Regards,
    Last edited by pgmarshall; 02-02-2010 at 01:02 PM.
    pgmarshall
    _______________________________
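
Added example (not part of the original thread, and not osCMax code): a report-only scan of a store's files for the injected eval(base64_decode( marker quoted in post #9, combined with the "look at the latest save dates" check suggested in post #8. The function name, the extension list and the 30-day window are assumptions chosen for illustration.

```python
import os
import re
import time

# Marker quoted in post #9; whitespace between the tokens is tolerated.
INJECTED = re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)
SCAN_EXT = (".php", ".inc", ".html", ".htm", ".js")  # assumed extension list


def scan_tree(root, recent_days=30, now=None):
    """Return (flagged, recent).

    flagged: [(path, [line numbers])] for files containing the marker.
    recent:  paths modified within recent_days. Modification times can be
             reset by an intruder, so treat this list as a hint only.
    Nothing on disk is changed; this only reports.
    """
    now = time.time() if now is None else now
    cutoff = now - recent_days * 86400
    flagged, recent = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCAN_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
                mtime = os.path.getmtime(path)
            except OSError:
                continue  # unreadable file: skip it
            hits = [i + 1 for i, line in enumerate(data.splitlines())
                    if INJECTED.search(line)]
            if hits:
                flagged.append((path, hits))
            if mtime >= cutoff:
                recent.append(path)
    return sorted(flagged), sorted(recent)


if __name__ == "__main__":
    import sys
    flagged, recent = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, lines in flagged:
        print(f"MARKER  {path}  lines {lines}")
    for path in recent:
        print(f"RECENT  {path}")
```

Run it against a downloaded copy of the store directory; files listed under MARKER are the ones to compare against a clean copy of the same release.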
