PowWeb Forums - The Perfect Community for the Perfect Host  

Old 3-16-12, 04:24 AM   #1
Song
 
Htaccess attack from a Russian

Recently, someone from Russia has been injecting code into my .htaccess file. I have cleaned up my computer and my oscommerce files to no avail. It's almost I wish I could somehow get a hold of this guy and shoot him with a gun. For over 10 months this person has been injecting new file/htaccess above my htdocs and knocking off my website. Does anyone have a clue on how to block this person from creating an htaccess file above my htdocs?

Thank you in advance.
Old 3-16-12, 09:29 AM   #2
tpoynton
Did you change your FTP/OPS/all other passwords?
Old 3-16-12, 11:19 AM   #3
snowmaker
And put passwords together to make passphrases, like what's done here - "That's a Battery Staple" - Passwords for Humans.
__________________
-bruce /* somdcomputerguy */
'If you change the way you look at things, the things you look at change.'
Old 3-16-12, 04:03 PM   #4
Jim M
PowWeb Staff
 
osCommerce is notoriously insecure - particularly the file manager, which can easily be exploited to upload malicious content, as you seem to be suffering. I'd read the suggestions at the link below with regard to "hardening" the application:
http://forums.oscommerce.com/topic/3...merce-22-site/
At the very least, disable the file manager.
Old 3-20-12, 11:36 AM   #5
shrupa
 
Try adding .htaccess password protection for the admin folder. Then you can use the tool at http://www.countryipblocks.net/count...elect-formats/ to block IPs from the Russian Federation.
Old 4-17-12, 08:23 AM   #6
Song
 
Thank you all

Since the last time I posted here my website has been down, banned by Google because of this senseless act of wickedness. So I devoted an entire time to understand what was going on and why this person has chosen my site to perpetrate this bullish tyranny. I found out that this person turned my website into a spam machine and was using my oscommerce customer list to distribute spam mails. I received a warning from PowWeb concerning the spamming or else be banned.

Anyway I have done what I could and the last visit of this rogue resulted in his IP address being banned. I used the OSC_sec.php addon to create this firewall. I also deleted one two files in oscommerce admin panel that this rogue was using to gain entrance. After all these and a loss of over $7k, I sat and watched this bastard roam into my site this morning hoping to attack me and lo and behold my trap detected his Russian rogue ***, banned him and sent him packing with a warning.


I have cleaned my computer, reformatted my drive with hopes that this individual will not have access to my computer.

Also I changed my Oscommerce Admin panel to some crap that I believe his Russian Smelling *** cannot decode.

Thank you all for coming to my aid. I have been unemployed for a while, my oscommerce site is the last resource to keep buying gas and feeding my little children. I have also contacted the authorities and am waiting for an escalation as a branch of the KGB is intolerant to this and they work with the USA authorities to combat this type of crap.

So long. Please, if I can be of help, let me know, because what I have done to my site seems pretty good for now and I can breathe a sigh of relief knowing that my loyal customers may return.
Old 4-17-12, 04:31 PM   #7
Croc Hunter
Mod.. with bite..
 
Great to hear from you Song, hope your health is well. Inject access above htdocs is rare, what a pain. Both OSC and ZenCart seem a target, sadly any popular applications are, even these things called iMac. I would have advised you run anti-malware etc on your local system but a format is even better. Happy travels.
__________________
Croc Hunter MSC :
Old 4-17-12, 04:58 PM   #8
Song
 
Thank you Crochunter

Yes indeed my health is well. I was very angry because I have never seen anything like this.

For anyone running Oscommerce, go to the contribution section of oscommerce.com, type osC_Sec, download this great addon and secure your store.

Also search filesafe.php and add this great addon. This will tell you which files were manipulated by an attacker if they gained access without you knowing.

Also, you can use SUCURI.net to check your site to be sure that you do not have malware. This is a free service and they can check any site for you, including your non-oscommerce sites.

Thank you.
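The idea behind the file-change check mentioned in the post above, as an added example that is not part of the original thread and is not filesafe.php: take a manifest of SHA-256 hashes from a known-clean copy, then compare later scans against it to list added, changed and removed files, including a stray .htaccess above htdocs. The function names (snapshot, check_tree, demo) and the directory layout are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not filesafe.php): hash-manifest integrity check for a web account.
# Assumes sha256sum (GNU coreutils); names with newlines or backslashes are not handled.

# snapshot DIR: print "<sha256>  <relative path>" for every regular file under DIR.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + )
}

# check_tree DIR MANIFEST: compare DIR with a manifest taken when it was clean.
# Prints sorted ADDED/CHANGED/REMOVED lines; returns 1 if anything differs.
check_tree() {
    now=$(mktemp)
    snapshot "$1" > "$now"
    report=$(awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }   # keeps spaces in names
        FILENAME == ARGV[1] { base[path] = hash; next }       # the clean baseline
        { seen[path] = 1 }
        !(path in base)          { print "ADDED   " path; next }
        base[path] != hash       { print "CHANGED " path }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$2" "$now" | sort)
    rm -f "$now"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# demo: constructed account layout; the manifest is kept outside the scanned tree.
demo() {
    root=$(mktemp -d); manifest=$(mktemp)
    mkdir -p "$root/htdocs/admin"
    echo '<?php // shop front' > "$root/htdocs/index.php"
    echo '<?php // file manager' > "$root/htdocs/admin/filemanager.php"
    snapshot "$root" > "$manifest"                       # known-clean baseline
    echo 'RewriteEngine On' > "$root/.htaccess"          # new file above htdocs
    echo '<?php // altered' > "$root/htdocs/index.php"   # modified page
    rm "$root/htdocs/admin/filemanager.php"              # removed on purpose
    check_tree "$root" "$manifest" || true
    rm -rf "$root" "$manifest"
}

demo
```

Run the check from a scheduled job and keep the manifest somewhere the web application cannot write to, so a compromised script cannot rewrite the baseline.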
Old 4-20-12, 06:18 PM   #9
Song
 
Stop Oscommerce attacks - Cool links

After a 10 month relentless attack and loss of income I finally warded off an oscommerce hacker and attacker



http://forums.oscommerce.com/topic/3...ecurity-holes/

http://www.parorrey.com/blog/php-dev...-being-hacked/

http://forums.oscommerce.com/topic/3...curity-thread/ <======= I used this thread, Look for =>OSC SEC from Taipo



The truth is the filemanager.php in old versions of oscommerce makes them vulnerable to attacks. After I patched up I also deleted filemanager.php because it is useless, only exists as a hacker enabler.