Loaded Commerce Community


All times are UTC - 5 hours




 Post subject: Possible Security Problem on v6.2.Pro[13.1 (SP1)]
PostPosted: Fri Mar 21, 2008 4:50 am 
CRE Newbie

Joined: Fri Feb 10, 2006 1:00 am
Posts: 6
Hello,

I updated my site to Patch 13 (SP1) when released.

When making changes to the site today I noticed a series of characters across the top of main page.

When looking on the site I found that on March 8 files were loaded to several directories. One of which included a reference to a shell program. Another included a typo or intentional extra characters. That was what displayed at the top of the main page.

I copied the files off and deleted them and re-uploaded the affected files.

However I am not sure if I completely removed the hack.

Since this happened 30 days after patch 13 could this be a Security Problem?

What should the next step be?

thanks


 Post subject: Re: Possible Security Problem on v6.2.Pro[13.1 (SP1)]
PostPosted: Fri Mar 21, 2008 1:14 pm 
CRE Addict

Joined: Wed Oct 01, 2003 12:00 am
Posts: 220
Location: Virginia, USA
Here are the things I would suggest.

1 Change your FTP password. If your host is using a control panel of some type, change that password also.

2 Notify your hosting company of the hack and see if they can tell when and how from the various server logs.

3 Make sure your anti-virus is up to date on your personal computer. If it does not detect keyboard logging programs, you may need to find a new application to protect your system.

4 Check the file permissions on the various folders for the CRE Loaded. The ones that require 777 will also have .htaccess files to reduce the risk of any unwanted files being placed in them.
Charles
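
The permission check from step 4, plus a search for files dated on or after a known intrusion date, as an added example that is not part of the original post or of CRE Loaded. The directory names and timestamps are constructed sample data.

```python
import os
import stat
import tempfile

def audit_writable_dirs(root):
    """Return [(relative_dir, has_htaccess)] for each world-writable directory under root."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        if os.stat(dirpath).st_mode & stat.S_IWOTH:  # 777 or any other o+w mode
            findings.append((os.path.relpath(dirpath, root), ".htaccess" in filenames))
    return sorted(findings)

def files_modified_since(root, cutoff_epoch):
    """Return relative paths of files whose mtime is at or after cutoff_epoch."""
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.stat(full).st_mtime >= cutoff_epoch:
                hits.append(os.path.relpath(full, root))
    return sorted(hits)

def build_sample_tree():
    """Constructed sample tree with hypothetical names, not a real store layout."""
    root = tempfile.mkdtemp(prefix="store_")
    old = 1_000_000_000  # constructed "long ago" timestamp
    for name, mode, guarded in [("images", 0o777, True), ("cache", 0o777, False), ("includes", 0o755, False)]:
        d = os.path.join(root, name)
        os.mkdir(d)
        if guarded:
            open(os.path.join(d, ".htaccess"), "w").close()
            os.utime(os.path.join(d, ".htaccess"), (old, old))
        os.chmod(d, mode)
    for parts, mtime in [(("includes", "old.php"), old), (("cache", "new.php"), 1_205_000_000)]:
        path = os.path.join(root, *parts)
        open(path, "w").close()
        os.utime(path, (mtime, mtime))
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    for rel, ok in audit_writable_dirs(root):
        print(f"{rel}: world-writable, .htaccess {'present' if ok else 'MISSING'}")
    print("modified since cutoff:", files_modified_since(root, 1_204_000_000))
```

Modification times can be reset by whoever wrote the files, so an empty result from the date search does not show that nothing was added.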


 Post subject: Re: Possible Security Problem on v6.2.Pro[13.1 (SP1)]
PostPosted: Sun Aug 03, 2008 9:44 pm 
CRE Talented

Joined: Tue Nov 30, 2004 1:00 am
Posts: 375
Location: New Smyrna Beach, FL
I'll assume you corrected this, but, what does your directory structure look like? Some templates move the mainpage to a different directory.

Make sure language definition files are 0644 for phpsuexec and suexec servers or even suphp.

Secure your directory through php.ini for suphp and .htaccess. Ask your host to assist you in doing this.

Keep your patches updated! Software companies like CRE constantly improve and secure their software.

PCI scan your site on a quarterly basis and daily if you receive level 2 or above vulnerabilities.

Has your host met PCI requirements? Ask to see a copy of their PCI DSS Summary. Any excuse that a shared server cannot be made PCI standard secure is an excuse.

_________________
Inetbizo Open Source eCommerce Strategy Consultant
========================
EOS, CRE, osCommerce E-Commerce Education, Forums, Links


 Post subject: Re: Possible Security Problem on v6.2.Pro[13.1 (SP1)]
PostPosted: Fri Oct 17, 2008 5:38 pm 
CRE Talented

Joined: Tue Aug 16, 2005 12:00 am
Posts: 382
Location: India
inetbiz wrote:
I'll assume you corrected this, but, what does your directory structure look like? Some templates move the mainpage to a different directory.

Make sure language definition files are 0644 for phpsuexec and suexec servers or even suphp.

Secure your directory through php.ini for suphp and .htaccess. Ask your host to assist you in doing this.

Keep your patches updated! Software companies like CRE constantly improve and secure their software.

PCI scan your site on a quarterly basis and daily if you receive level 2 or above vulnerabilities.

Has your host met PCI requirements? Ask to see a copy of their PCI DSS Summary. Any excuse that a shared server cannot be made PCI standard secure is an excuse.

Place the site monitor contribution so you get an email daily with site changes/no changes to any file.

Double protect your admin folder:
1) Normal creloaded type password based.
2) Password protect directory.


Additionally apply some htaccess so that not all IP addresses can log in.

Satish

_________________
Satish Mantri.
expert in CREloaded,osCommerce.
Payment Gateways-Shipping-Order total-Template Integration.
www.oscprofessionals.com
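
The daily "site changes/no changes" report described in the post above, sketched as an added example. It is not the site monitor contribution itself and not code from the thread; the function names and sample file names are hypothetical.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare(baseline, current):
    """List files added, removed or changed between two snapshots."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }

def daily_check(root, baseline_path):
    """Report differences from the stored baseline, then store the current state.

    Keep baseline_path outside the web root: inside it, the file would show up
    in its own report and could be rewritten by whoever can write to the site.
    """
    current = snapshot(root)
    baseline_path = Path(baseline_path)
    baseline = json.loads(baseline_path.read_text()) if baseline_path.exists() else current
    baseline_path.write_text(json.dumps(current))
    return compare(baseline, current)

def demo():
    """Constructed sample site: first run records, second run reports three changes."""
    site = Path(tempfile.mkdtemp(prefix="site_"))
    state = Path(tempfile.mkdtemp(prefix="state_")) / "baseline.json"
    (site / "index.php").write_text("<?php // home")
    (site / "login.php").write_text("<?php // login")
    first = daily_check(site, state)
    (site / "index.php").write_text("junk<?php // home")  # stray leading characters
    (site / "new_upload.php").write_text("<?php // not deployed by the owner")
    (site / "login.php").unlink()
    return first, daily_check(site, state)

if __name__ == "__main__":
    print(demo())
```

Because each run replaces the baseline, a change is reported once; a report that is not acted on the same day is not repeated the next day.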

