Results 1 to 9 of 9

Thread: Htaccess attack from a Russian

  1. #1

    Join Date
    Jul 2003
    Location
    Pittsburgh
    Posts
    66
    Rep Power
    15

    Htaccess attack from a Russian

    Recently, some one from Russia has been injecting code into my .htaccess file. I have cleaned ip my computer and my oscommerce files to no avail. Its almost I wish I could somehow get a hold of this guy and shoot him with a gun. For over 10 months this person has been injecting new file/htaccess above my htdocs and knocking of my website. Anyone has a clue aon how to block this person from creating htaccess file above my htdocs?

    Thank you in advance.

  2. #2
    Custom User Title tpoynton's Avatar
    Join Date
    Sep 2004
    Location
    Mass
    Posts
    2,177
    Rep Power
    17
    did you change your FTP/OPS/all other passwords?

  3. #3
    target='_blank' snowmaker's Avatar
    Join Date
    Nov 2002
    Location
    West Virginia
    Posts
    3,443
    Rep Power
    21
    And put passwords together to make passphrases, like what's done here - "That's a Battery Staple" - Passwords for Humans.
    -bruce /* somdcomputerguy */
    'If you change the way you look at things, the things you look at change.'

  4. #4
    PowWeb Staff
    Join Date
    Sep 2011
    Location
    Phoenix, AZ
    Posts
    93
    Rep Power
    6
    osCommerce is notoriously insecure - particularly the file manager, which can easily be exploited to upload malicious content, as you seem to be suffering. I'd read the suggestions at the link below with regard to "hardening" the application:
    http://forums.oscommerce.com/topic/3...merce-22-site/
    At the very least, disable the file manager.

  5. #5

    Join Date
    Feb 2009
    Location
    India
    Posts
    174
    Rep Power
    9
    Try adding a .htaccess password protection for admin folder. Then can use the tool at http://www.countryipblocks.net/count...elect-formats/ to block IPs from Russian federation

  6. #6

    Join Date
    Jul 2003
    Location
    Pittsburgh
    Posts
    66
    Rep Power
    15

    Thank you all

    Since the last time I posted here my website has been down, banned by google becaus eof this senseless act of wickedness. So I devoted an entire time to understand what was going on and why this person has chose my site to perpetrate this bullish tyranny. I found our that this person turned website site into a spam machine and was using my oscommerce customer list to distribute spam mails. I received warning from powweb concerning the spamming or else be banned.

    Anyway I have done what I could and the last visit of this rogue resulted in his IP address being banned. I used the OSC_sec.php addon to create this firewall. I also deleted one two files in oscommerce admin panel that this rogue was using to gain entrance. After All thesde and a loss of over $7k, I sat and watched this bastard roam into my site this morning hoping to attack me and low and behold my trap detected his russian rogue ***, banned him and sent him packing with a warning.


    I have cleaned my computer, reformatted my drive with hopes that this individual will not have access to my computer.

    Also I changed my Oscommerce Admin panel to some crap that I believe his Russian Smelling *** cannot decode.

    Thank you all for coming to my aid. I have been unemployed for awhile, my oscommerce site is the last resource to keep buying gas and feeding my little children. I have also contacted the authorities and waiting for an escalation as a branch of the KGB is intolerant to this this and they work with the USA authorities to combat tjis type of crap.

    So Long. Please If can be of help let me know because what I have done to my site seem pretty good for now and I can breathe a sigh of relief knowing that my loyal customers may return.

  7. #7
    Mod.. with bite.. Croc Hunter's Avatar
    Join Date
    Sep 2002
    Location
    Australia
    Posts
    7,332
    Rep Power
    26
    Great to hear from you Song, hope your health is well. Inject access above htdocs is rare, what a pain. Both OSC and ZenCart seem a target, sadly any popular applications are, even these things called iMac. I would have advised you run anti-malware etc on your local system but a format is even better. Happy travels.
    Croc Hunter MSC :

  8. #8

    Join Date
    Jul 2003
    Location
    Pittsburgh
    Posts
    66
    Rep Power
    15

    Thank you Crochunter

    Yes indeed my health is well. I was very angry because I have never seen anything like this.

    For anyone running Oscommerce, go to the contribution section of oscommerce.com, type osC_Sec, download this great addon and secure your store.

    Also search filesafe.php and add this great addon. This will will tell you which files were manipulated by an attacker if they gained access without you knowing

    Also, you can use SUCURI.net to check your site to be sure that you do not have malware. This is a free service and they can check anysite for you including your non oscommerce sites

    Thank you.

  9. #9

    Join Date
    Jul 2003
    Location
    Pittsburgh
    Posts
    66
    Rep Power
    15

    Stop Oscommerce attacks - Cool links

    After a 10 month relentless attack and loss of income I finally warded off an oscommerce hacker and attacker



    http://forums.oscommerce.com/topic/3...ecurity-holes/

    http://www.parorrey.com/blog/php-dev...-being-hacked/

    http://forums.oscommerce.com/topic/3...curity-thread/ <======= I used this thread, Look for =>OSC SEC from Taipo



    The truth is the filemanager.php in old version of oscommerce make them vulnerable to attacks. After I patched up I also deleted filemanager.php because it is useless, only exist as an hacker enabler.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •