A hacking script and phishing files were recently created under the shopsite web directory on our server.
Has anyone else been hit by a hack?
I’m trying to determine if there is a vulnerability in the shopsite program or if it is a remnant of a previous hack through an old version vBulletin forums software that was running.
We're running ShopSite Pro 10 sp2 r2.
Security vulnerability?
4 posts
• Page 1 of 1
Security vulnerability?
by gkrehbiel » Thu May 05, 2011 6:12 am
- gkrehbiel
- Posts: 97
- Joined: Mon Jun 15, 2009 11:31 am
- Location: Washington, D.C.
Re: Security vulnerability?
by Jim » Thu May 05, 2011 6:40 am
We haven't had reports of any hacking on other ShopSite stores.
What directory were the files in - the output directory, ss cgi directory, sc cgi directory etc.
What directory were the files in - the output directory, ss cgi directory, sc cgi directory etc.
- Jim
- Site Admin
- Posts: 4953
- Joined: Fri Aug 04, 2006 1:42 pm
- Location: Utah
Re: Security vulnerability?
by robm » Thu May 05, 2011 12:42 pm
Have your web host check the FTP logs for these filenames. Often times these scripts are uploaded via a hacker that has obtained your FTP information.
If your forum/blog software is not at the latest version, upgrade them asap. Also check any "777" directory in your account for malicious files, as hackers often place one file that can then be accessed to upload other files, make changes, send spam, etc...
If you look at the timestamp of the malicious file, check your web access log for this exact time and search for a "POST" status to see if the hackers used a file in your web space to manipulate files in your account.
It's very doubtful they used ShopSite to upload these files. We have not seen this happen in our 15+ years of hosting.
Rob
If your forum/blog software is not at the latest version, upgrade them asap. Also check any "777" directory in your account for malicious files, as hackers often place one file that can then be accessed to upload other files, make changes, send spam, etc...
If you look at the timestamp of the malicious file, check your web access log for this exact time and search for a "POST" status to see if the hackers used a file in your web space to manipulate files in your account.
It's very doubtful they used ShopSite to upload these files. We have not seen this happen in our 15+ years of hosting.
Rob
- robm
- Posts: 463
- Joined: Fri Aug 04, 2006 5:46 pm
- Location: Connecticut
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: Bing [Bot] and 76 guests