Storesprite.com Shopping Cart Ecommerce Forums  

#1
06-06-2011, 10:04 AM
bulldog5046
Are Storesprite stores being hacked/hijacked?

This morning all 3 of my stores have been hacked/hijacked with malicious code inserted at the opening PHP tags.

What's odd about the attack is that ONLY Storesprite PHP files have been changed; all of my custom scripts and pages are completely clean, which leads me to believe this is an attack on Storesprite sites.

So, has anyone else been attacked? Anyone figured out how to resolve before I restore from backup?

#2
06-06-2011, 10:44 AM
bulldog5046

This appears to be the exploit:

http://forr.st/posts/Find_Blackhole_...clean_them-Dqf

Not yet managed to get the site clean though, even with the supplied code.

#3
06-06-2011, 11:47 AM
Storesprite (Administrator)

What version of SS? Please PM details of your URLs also.

Nothing has been reported directly to us or on this forum. We are aware of one client who had issues at least a year ago (but not with this) and it appeared at the time to have been caused by security issues at the host.

We will look into this as a precaution to see if there is anything we need to do.

#4
06-06-2011, 12:01 PM
bulldog5046

I have PM'ed the requested details.

I have also asked the host to restore from backup, so I am unsure how long the infected site will be visible for.

#5
06-06-2011, 12:56 PM
bulldog5046

I've found some more infected code amongst my Google Analytics JavaScript...

#6
06-06-2011, 05:01 PM
Blueharvest

Quite a while ago we had a problem on one of our websites with some files being altered with malicious code and new files added, but it was due to poor host FTP security at the time and not a Storesprite security issue.

We changed the passwords, locked the FTP and checked all files and folders by hand for altered files/malicious code and new unknown folders. Google will sometimes spot files with malicious code.

It seems a bit odd as 3 of your sites have had a problem. Are they all with the same host?
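
Added example (not part of the original thread and not Storesprite code): the manual check described in the posts above, done as a comparison of the live site against a known-good copy such as a backup, flagging files where extra bytes sit directly after the opening `<?php` tag. The function names and the sample trees built in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def index_tree(root):
    """Map relative path -> SHA-256 for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def inserted_after_open_tag(clean, live, tag=b"<?php"):
    """Bytes inserted directly after the first opening tag, else None."""
    pos = clean.find(tag)
    if pos < 0 or len(live) <= len(clean):
        return None
    head, tail = clean[:pos + len(tag)], clean[pos + len(tag):]
    if live.startswith(head) and live.endswith(tail):
        return live[len(head):len(live) - len(tail)]
    return None

def compare_trees(clean_root, live_root):
    """Diff a live site against a known-good copy such as a backup."""
    clean, live = index_tree(clean_root), index_tree(live_root)
    report = {"added": sorted(set(live) - set(clean)),      # new unknown files
              "missing": sorted(set(clean) - set(live)),
              "modified": [], "open_tag_insert": {}}
    for rel in sorted(set(clean) & set(live)):
        if clean[rel] != live[rel]:
            report["modified"].append(rel)
            extra = inserted_after_open_tag(Path(clean_root, rel).read_bytes(),
                                            Path(live_root, rel).read_bytes())
            if extra is not None:
                report["open_tag_insert"][rel] = extra
    return report

def demo():
    """Compare two small constructed trees (sample data, not real malware)."""
    base = {"index.php": b"<?php\necho 'shop';\n", "cart.php": b"<?php\necho 'cart';\n"}
    live = {**base, "index.php": b"<?php /*CONSTRUCTED*/\necho 'shop';\n",
            "new.php": b"<?php\n"}
    roots = []
    for files in (base, live):
        roots.append(tempfile.mkdtemp())
        for name, body in files.items():
            Path(roots[-1], name).write_bytes(body)
    return compare_trees(*roots)
```

Run it against a copy taken before the restore where possible, so the altered files and their timestamps stay available for comparison with the server logs.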

#7
06-06-2011, 05:29 PM
Storesprite (Administrator)

An important note here:

If you believe this has happened to your store please save your server log files. If this is a Storesprite vulnerability then hopefully we can check and see how access was gained. Also, it would be useful to see the code that has been added to your pages.

Unfortunately in this instance we might not get to see the logs and code; however, we are looking into how this toolkit works, though we have found limited information thus far.

#8
06-06-2011, 05:40 PM
Storesprite (Administrator)

This thread is similar: http://forum.storesprite.com/showthread.php?t=1200

Important advice for everyone regardless:

- Disable FTP if you can and use SFTP/SSH instead
- Ensure your passwords are secure and change them regularly
- Perhaps consider a VPS rather than shared hosting

#9
06-06-2011, 06:29 PM
bulldog5046

Just a few points in regards to our environment.

My sites are on a semi-dedicated (shared with 1 other) server that is PCI compliant.

FTP is disabled, SFTP is used.

Unfortunately, as mentioned, as we were in a hurry to get the site back we have restored from an earlier backup and the server logs may not be retrievable.

#10
06-06-2011, 06:38 PM
Storesprite (Administrator)

Do you have access to bash_history (just in case the server was compromised in another way)? It might be worth taking a look at it.
All times are GMT.

