So, you’ve been hacked. Now what? Every, and I do mean EVERY day, I see this question come up in the osCommerce forum or from someone emailing me to ask advice about it. So, here’s the lowdown on what you need to do;
1. NUKE your entire osCommerce site.
2. Restore from a known good backup.
3. Lockdown the site so the hack cannot happen again.
Easy as 123.
But, Gary, I’m about to cry because I don’t have a backup…
In this case, you need to determine how much work you have put into your osCommerce site. If it’s plain jane oscommerce with maybe a new logo and a couple of contributions, then the easiest way is to simply carry out #1, then upload a new osCommerce, then carry out #3. If you have done major work in your osCommerce site, then you need to go through EVERY file, line by line to ensure there is no hacker code present. You also need to delete any file that you do not recognise as osCommerce. Then forget #1, forget #2 and carry out #3.
So, Gary, how do you lockdown a site?
Follow the instructions in this thread.
But Gary, I don’t think I can do that, it looks like a big job. I don’t know osCommerce well enough to know what should be there and what shouldn’t…
Pay a professional to do it for you. There are a handful of people on the osCommerce forum who can achieve all this for you, at low cost, and rapidly – within a day, your site can be cleansed and locked down. If you want a recommendation on just who is able to do this, email me.
IMO for the majority of the hacks, there are 2 items, merchants should do
1. Lock down the admin folder from the host’s cpanel, in other words password protect the admin directory.
2. Make sure you have a clean system when connecting to your server.
Item-2 is overlooked a lot. If you surf the net with javascript/activex etc., enabled all the time you are careless. Only allow scripting to be originated from sites you really trust. There are various browser plugins to take care of it. If the browser or system you use is compromised it doesn’t matter how you locked the server they can get in because you can.
Other than that a lot of what mentioned in the osC forum thread how to secure a store, has very bad effects, including: breaking the site, removing osCommerce features and not allowing customers or spiders to enter, thus losing sales.