Uber Hacked osCommerce Site

By | July 17, 2010

This week has been one of those weeks that has been absolutely non-stop for osCommerce work. One of the more interesting jobs was to lock down an osCommerce site that had been the subject of a hack.

As usual, I cleaned the site of the hack, then made a few core code adjustments and installed a few security extras. This included renaming the admin area and setting up a new user for the usual osCommerce login and protecting via .htaccess.

All locked down. And yet…a few hours later I received an email from my client saying the site had been hacked again. Well, I know that’s just not possible anymore, so I logged in and found…yes, the files had been hacked.

As I know that the changes I made are secure, the hacker had to be getting in from somewhere else. Checking the log files showed me some interesting info:

The hacker was accessing the webmail of my client – so when I sent my client any info, the hacker was able to read it easily. I instructed my client to remove webmail from his hosting control panel, then set up a Hotmail account. I then cleaned the site again, and sent new admin URL and passwords to the Hotmail account.

Since then, no more hacks.

So, when you think that it is your osCommerce site that is the problem, it might well not be. Make sure to lock down EVERYTHING, including hosting control panel, your own computer, etc. Change passwords regularly. If you give your password out to anyone (e.g., a developer), make sure to change it again after he has finished work.

Remember – it takes only one dissatisfied client of your shop to ruin your reputation. Don’t let that happen because of a lapse in your security!

One thought on “Uber Hacked osCommerce Site”

  1. enigma1

    Gary, in many cases I saw the customer’s PC or browser compromised one way or another. The attacker could monitor basically everything the client was doing.

    I just want to emphasize don’t open email attachments from unknown sources and run js/flash only from sites you really trust. Keep browser settings at the most secure level. Some browsers have plenty of plugins to safely surf the web allowing scripting only from the site you see.

