How to avoid a fast that your site is attacked osCommerce

, , Comment closed

During the last two months, websites based on osCommerce have undergone a massive attack by hackers. A large majority of attacks received by osCommerce websites be solved by updating the application to the latest version, 2.3.1. Unfortunately, the performance of this update is not trivial and, in most cases, involves reinstallation of the application from scratch. In addition, the format of the database used has changed so a backup is not reusable.

In our article today will indicate a number of key recommendations for any osCommerce site manager. Further aim as whether a site is vulnerable osCommerce Hosting and, in the event that it has been attacked, as setting a patch.


1. – Check the version of osCommerce

The attacks on osCommerce mainly have affected versions prior to 2.30, in particular all 2.2.x versions

We can check what version you have installed easily accessing the management interface of the application. Once inside, go to “tools / server information” (tools / server info). If the version is greater than or equal to 2.3.0 we can relax.

2. – Check if we have been infected

Before performing any action on our osCommerce site, check if it has been compromised.

If you have a backup of “healthy” web site, we can download by FTP website to our team and compare it with the good copy. In Linux can be done quickly using the command diff to show a list of modified files:

# Diff-w-q webshop / webshop-backup /

We should pay attention to those files that contain an iframe embedded. Use the command grep can search that directive files contain iframe:

# Grep-R-i “iframe” webshop /

If you only find a file containing the string JavaScript iframe, we have not been infected. Anyway, we should be wary of this search as there are many techniques to hide strings. This blog shows a detailed analysis of the attacks received by osCommerce will help us detect, next to searches indicated, if our site is infected.

In case you have been infected, it is best to fully restore our website.

3. – Temporarily secure our web site

The attack received is led to inadequate implementation of safety management interface osCommerce 2.2. There are two ways (not exclusive) to make sure our website:

a) Patch Management in files: application is recommended Administration Tool Log-In Update that secures the osCommerce administration interface. This requires adding some lines of code to osCommerce files:

catalog / admin / includes / application_top.php

catalog / admin / login.php

These changes and avoid incoming attacks by osCommerce during these months. We check if we are protected by directly accessing this URL:

/ Admin / file_manager.php / login.php? Action = download & filename = / includes / configure.php

If we are sure, a window to enter login details will be displayed. Conversely, if a window that tells us if we want to download a PHP file, estarmos exposed to attack.

b) Protect the access to the management interface through a file. htaccess.

4. – Plan an update

The patch previously discussed only allows us to be immune to attacks related to the management interface, but we remain vulenarables to other attacks that may arise. Version 2.3.1 of osCommerce incluyte a number of improvements in security, so it is recommended to upgrade to this version. OsCommerce version 3.0 and requires changes in the hosting platform, because it is necessary to run PHP 5.3.