Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

My magento site (version1.40) is hacked and my other 2 oscommerce sites are hacked at the same time
 
froogie123
Jr. Member
 
Total Posts:  8
Joined:  2011-03-29
 

The hacker hacked one of my oscommerce sites last week. Today I restored it with more security measures. But just several hours later after the restoration, the just restored site, my another oscommerce site and magento site (version 1.4.0) was hacked too within 2 hours. The hacked sites were linked to a virus site. So I have to close these 3 sites. I was wondering if the hacker is familiar with both of magento and oscommerce weakness?  any suggestions? Thanks in advance!
larry

 
Magento Community Magento Community
Magento Community
Magento Community
 
siteace
Jr. Member
 
Total Posts:  14
Joined:  2009-10-02
 

What do you have your file permissions set as?

Do you have a firewall running?

 
Magento Community Magento Community
Magento Community
Magento Community
 
froogie123
Jr. Member
 
Total Posts:  8
Joined:  2011-03-29
 

fire permission: 644. Firewall: you mean my personal computer firewall or site’s firewall? Thanks!

 
Magento Community Magento Community
Magento Community
Magento Community
 
Ebuntu
Sr. Member
 
Avatar
Total Posts:  245
Joined:  2010-06-16
Denver, CO
 

Having a firewall will not stop the hacker from defacing or infecting your files with a virus or malware. Security is more than just installing, or placing a server behind, a firewall or some applications. It is highly likely that the hacker accessed your server using an insecure or badly coded Php script/application. I suggest you secure your server/vps and applications. See professional help from www.ServerTune.com

 
Magento Community Magento Community
Magento Community
Magento Community
 
froogie123
Jr. Member
 
Total Posts:  8
Joined:  2011-03-29
 

My web host is blue host. I can’t do anything regarding the bluehost server. I talked them. They said the hack is due to the site (magento and oscommerce) ‘s vulnerability, nothing to do with the server side. Thanks!

 
Magento Community Magento Community
Magento Community
Magento Community
 
Ben Marks
Moderator
 
Avatar
Total Posts:  452
Joined:  2008-10-09
Charleston, SC
 

@froogie123

It’s often the case with these types of attacks (files changed to include remote javascript) that the “hack” is from a machine with saved FTP credentials becoming infected by a virus.  The virus sniffs the FTP credentials, then looks for index.php, index.html, and .js files to add these malware scripts.  I recommend that you change the FTP/SSH passwords for all of your sites and then scan your machine(s), as well as having any others with access scan theirs, and perhaps opt to not store passwords for these sites.

The other possibility is that weak dictionary passwords were used for all of your sites.

HTH
Ben

 
Magento Community Magento Community
Magento Community
Magento Community
 
froogie123
Jr. Member
 
Total Posts:  8
Joined:  2011-03-29
 

My web hosting company just did a grep on the sites and they said it is a back-door hackes in my home directory. They found many bad files in my sites. I am having some website security company to clean them. But what else? the hacker may be staring at the sites and do the same again. Thanks!

 
Magento Community Magento Community
Magento Community
Magento Community
 
lake_tuna
Member
 
Total Posts:  54
Joined:  2011-03-07
 

I’d like to find out more about the OP’s server set up..

Do you have a dedicated server?
Do you have any other security measure implemented on the server?
Do you monitor your website’s activities?

The reason is that we’re looking into switching to Magento and getting a dedicated server, but we’re afraid of security risk that we didn’t need to worry about right now where our shopping cart provider takes care of all that.

I mean, if we have a Magento store on a dedicated server that we rent out from a decent company, is there anything else that we can really do other than having clean and proper files and secured passwords on our personal computers on which we work? Are we going to be allowed to put some defense software on the serve,r or are there services that the hosting company provides to defend against hacks?

Sorry for hijacking, but I think OP could use this information as we as me and many others. Answers to these questions would be tremendously helpful! TIA!

 
Magento Community Magento Community
Magento Community
Magento Community
 
froogie123
Jr. Member
 
Total Posts:  8
Joined:  2011-03-29
 

Shared server. Some security addons on OScommerce sites, but no with Magento. I have SiteLock to monitor some of my sites---but they only do very basic monitoring ---because I only pay the basic while their ad says they will take care of everything. I will do something after the sites are up again.

 
Magento Community Magento Community
Magento Community
Magento Community
 
bkscott
Sr. Member
 
Avatar
Total Posts:  137
Joined:  2009-07-16
Sacramento
 

change all of your ftp and ssh and any other passwords.

make them more secure/complicated.

never save your passwords in ftp or any other software that asks.

the odds of a hacker exploiting 3 different websites that belong to the same person are low, the odds that you have a keylogger or some other password stealing virus is much higher.

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top