| ||||||||||
Shopping cart software Solutions for online shops and malls | ||||||||||
|
X-Cart Home | FAQ | Forum rules | Calendar | User manuals | Login |
Warning: Iframe based attacks using stolen FTP access info | ||||
|
|
Thread Tools |
#141
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Quote:
Hi Ene, We already have something like this in place. We have all index.* files being watched on our servers. We use CSF for our firewall and it has the capability of monitoring changes to directories and files. You set the pattern and if any changes match those patterns we get alerted immediately.
__________________
Emerson █ Total Server Solutions LLC- Quality X-Cart Hosting █ Recommended X-Cart Hosting Provider - US and UK servers █ Does your host backup your site? We do EVERY HOUR!!! █ Shared Hosting | Managed Cloud | Dedicated Servers |
|||||||
#142
|
|||||||||
|
|||||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Quote:
It is always great to know that our recommended hosting providers are better than the usual average hosts : -) ---- BTW: * http://www.kb.cert.org/vuls/id/827267 * http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx: Quote:
__________________
Eugene Kaznacheev, Evangelist/Product Manager at Ecwid: http://www.ecwid.com/ (since Sept 2009) ex-Head of X-Cart Tech Support Department ex- X-Cart Hosting Manager - X-Cart hosting ex-X-Cart Technical Support Engineer Note: For the official guaranteed tech support services please turn to the Customers HelpDesk. |
|||||||||
#143
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Quote:
I would definitely suggest modifying the code line above and removing the public_html. On one of the sites I do programming for he received this nasty little bug and I found some instances of the iframe located within pages for the stats programs they are running, which is before the public_html web accessible directory. I also suggest doing a search of all your files for anything using the following: document.write(unescape( I know it is used in the Google Analytics code, but if you find it within our files and do not know why it is there I would be asking some MAJOR questions. : ) I for one can also say I know this did not happen due to x-carts help desk as I have not used their help desk and have not given the FTP password to anybody but my client that I do programming for. Good luck to everybody....
__________________
Thank You, RealCarAudio X-Cart Gold ver 4.1.11 |
|||||||
#144
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Is there really still no answer to HOW this happened?
__________________
X-Cart Gold 4.1.9 |
|||||||
#145
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
We may never know the specifics, but it looks like it started with someone who had a few X-Cart FTP logins on their computer, got the virus which infected those sites and it was all downhill from there. If you are looking for blame, you probably are never going to find the actual 'Typhoid Mary' who started it all.
__________________
Padraic Ryan Ryan Design Studio Professional E-Commerce Development |
|||||||
#146
|
|||||||||
|
|||||||||
Re: Warning: Iframe based attacks using stolen FTP access info
If people post their exploited url, and all the people who have had FTP access, a common denominator could likely be found.
|
|||||||||
#147
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
Quote:
|
|||||||
#148
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
The thing is, it could have been stolen from - well - yourself. If you visited a site with the hack, you'd get the virus, and thus infect your site if you didn't have adequate virus protection. So it may not be one source, but hundreds.
__________________
Padraic Ryan Ryan Design Studio Professional E-Commerce Development |
|||||||
#149
|
|||||||
|
|||||||
Re: Warning: Iframe based attacks using stolen FTP access info
People that have run scans and have noticed they themselves have been exploited should not mention or contribute to the list, but ones that have scanned and have not found the exploit should say who had their information to find a common denominator. If you had an exploit then assume that it was stolen from yourself, only if your computer(s) is clean then start listing out providers and other people with access.
|
|||||||
#150
|
|||||||||
|
|||||||||
Re: Warning: Iframe based attacks using stolen FTP access info
It seems that it might be easier to provide that kind of information if there was a central place assigned to colect and analze that data - perhaps someone assigned at QT or one of the service providers that is aleady studing this? I'm reluctant to post that on the forum because the speculation in an open forum could mistakenly target the wrong person and hurt their business.
__________________
X-CART (4.1.9,12/4.2.2-3/4.3.1-2/4.4.1-5)-Gold (CDSEO, Altered-Cart On Sale, BCSE Preorder Backorder, QuickOrder, X-Payments, BCSE DPM Module) |
|||||||||
|
|||
X-Cart forums © 2001-2020
|