This is a discussion on hacker attack within the osCommerce 2.2 Installation Help forums, part of the osCommerce 2.2 Forums category.
#1
Hi, our front end admin panel was hijacked by hackers last week. Managed to get the password and email reset with HostRocket's help and couldn't see any damage apart from images missing, which we are still reinstalling. Got two emails today from Wells Fargo bank though, and it seems that phishing files were put into our files. Have located one of them but it shows as 0 bytes and cannot be opened or deleted. Using AceFTP for file transfer and management. Any ideas how best to proceed?
Paul Gamedash
__________________ Quality games, toys and dvd from a small family based business on the net at www.gamedash.co.uk and in West Yorkshire.
#2
The best way to proceed is to first find and close the hole used to hack your site. If you are using an older version of osCommerce, there are quite a few holes. Have your host backtrack the hack to find the source. Second, keeping only your configure.php files, refresh all your osC files from a backup made prior to the hack. Third, thoroughly check your account for any files that should not be there and remove them. If you cannot remove them via FTP, have your host remove them for you.
__________________ Michael Sasek osCMax Developer
#3
Thanks. Have managed to destroy the offending file but will certainly go through the steps mentioned to secure the site. The file was in images and I think I read somewhere that the hackers replace your images with a program. There should be a simple fix to specify that images can only be a certain type of file. Any idea where the download is? Running PHP Version: 4.3.11 (Zend: 1.3.0), if that helps.
__________________ Quality games, toys and dvd from a small family based business on the net at www.gamedash.co.uk and in West Yorkshire.
#4
I don't know if they actually replace your image with a program, but I caught someone trying to place phpRemoteView in my images directory under the filename "down.php"...
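
A read-only audit for the cleanup step discussed in this thread (finding files that should not be in the images directory, such as a `down.php` or a 0-byte file), as an added example that is not part of the original posts. The extension allow-list, the function name `audit_images` and the default `images` path are assumptions to adjust for the shop being checked.

```python
import os
import sys

# Magic-byte prefixes for the image types a shop catalogue normally holds
# (assumed allow-list; extend it if the shop legitimately uses other types).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
PHP_OPEN_TAG = b"<?php"


def audit_images(root):
    """Walk root without modifying it; return sorted (relative_path, reason)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError as exc:
                # Files that cannot be opened are findings in their own right.
                findings.append((rel, "unreadable: %s" % exc.strerror))
                continue
            if ext not in MAGIC:
                findings.append((rel, "extension not on image allow-list"))
            elif not data:
                findings.append((rel, "zero-byte file"))
            elif not data.startswith(MAGIC[ext]):
                findings.append((rel, "content does not match extension"))
            # A valid image header does not rule out PHP appended after it.
            if PHP_OPEN_TAG in data.lower():
                findings.append((rel, "contains PHP open tag"))
    return sorted(findings)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "images"
    for rel, reason in audit_images(target):
        print("%s\t%s" % (rel, reason))
```

Run it against a local copy of the images directory and compare anything it reports with the pre-incident backup before deleting.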