4 Replies to “osCommerce Forum Hacked?”

  1. Gary, I browsed the forum yesterday and today and did not see any problems, everything seems fine. Did you try it from different systems/ips?

  2. Don’t worry, that kind of warning doesn’t mean the site is hacked. What it does mean is that there is an asset on the site that is loaded from a domain that IS flagged as having malware or some hack. This makes sense, since an asset itself can cross the domain protection boundary. For example, if you carry a session id in the url, and an attacker places an image on your site, they can harvest the session id’s (via the referer header) and impersonate your actual users.
    The fix is simple, just remove the reference and you should be fine. If you’re not sure where the asset is loading just view the pages source and search for a reference to the domain.

Comments are closed.