
osCommerce question (not the usual sort)

  • 30-09-2007 10:12pm
    #1
    Banned (with Prison Access) Posts: 8,486 ✭✭✭


    Have been using osCommerce for years and have never come across this:

    today while ironing out the finishing touches to a store for a client today I made a test purchase and lo and behold when I go into the admin section to view the order there's about 20 spam orders for Dell Inspirons and Viagra etc basically a load of stuff the site doesn't sell.

    Has anyone here ever come across this before because I certainly haven't? Everything is secured on the site as well which is perplexing me?


Comments

  • Registered Users Posts: 3,594 ✭✭✭forbairt


    miju wrote:
    Have been using osCommerce for years and have never come across this:

    today while ironing out the finishing touches to a store for a client today I made a test purchase and lo and behold when I go into the admin section to view the order there's about 20 spam orders for Dell Inspirons and Viagra etc basically a load of stuff the site doesn't sell.

    Has anyone here ever come across this before because I certainly haven't? Everything is secured on the site as well which is perplexing me?

    Haven't come across that before ... did you have anyone testing out the site? Someone trying some kinda injection attack on the system?


  • Registered Users Posts: 7,739 ✭✭✭mneylon


    Was there a demo user or demo data at some point?


  • Registered Users Posts: 1,262 ✭✭✭di11on


    Silly question... but I presume your admin area is password protected?

    Have you deleted the install directory?


  • Banned (with Prison Access) Posts: 8,486 ✭✭✭miju


    blacknight wrote:
    Was there a demo user or demo data at some point?

    There wasn't actually, as I just happened to decide to delete it when I installed osCommerce (normally wouldn't though)
    di11on wrote:
    Silly question... but I presume your admin area is password protected?

    Have you deleted the install directory?

    Yep, everything install related is deleted and admin area is renamed and password protected with .htaccess with an 8 number / character password

    have to say am very perplexed by it


  • Closed Accounts Posts: 17 WPI20000


    Make your password really hard to guess


  • Registered Users Posts: 1,262 ✭✭✭di11on


    miju wrote:
    .... and 8 number / character password ...

    I'd say that would be hard to guess!


  • Registered Users Posts: 1,530 ✭✭✭CptSternn


    Do you have access to your web logs? I would definitely look to see where that came from. I have seen similar issues with other shopping cart software - backdoors or bugs that can be accessed via the web (or automated via script).

    If I were you I would find those logs and see exactly what they did to inject those records into your system, else you may find they are able to cause havoc later if they perfect the technique.
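
The log check suggested above, sketched as an added example that is not part of the original post: it lists order-submitting POSTs from clients that never loaded a page first or sent no Referer, which is how scripted orders tend to differ from real checkouts. It assumes Apache "combined" format access logs and that the order is written by `/checkout_process.php`; the function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')
# Assumption: the script that writes the order row; adjust for your store.
ORDER_SCRIPTS = ("/checkout_process.php",)

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # malformed or differently formatted line
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["script"] = rec["path"].split("?", 1)[0]  # drop the query string
    return rec

def suspicious_order_posts(lines):
    """Order POSTs from clients with no earlier GET, or with no Referer.

    Expects lines in chronological order, as Apache writes them."""
    gets = defaultdict(int)  # client IP -> GETs seen so far
    hits = []
    for rec in filter(None, map(parse, lines)):
        if rec["method"] == "GET":
            gets[rec["ip"]] += 1
        elif rec["method"] == "POST" and rec["script"] in ORDER_SCRIPTS:
            if gets[rec["ip"]] == 0 or rec["referer"] in ("", "-"):
                hits.append((rec["ts"].isoformat(), rec["ip"], rec["agent"]))
    return hits

# Constructed sample lines (documentation IP ranges, made-up host name).
SAMPLE_LOG = [
    '198.51.100.7 - - [30/Sep/2007:13:58:01 +0100] "GET /index.php HTTP/1.1" 200 8120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [30/Sep/2007:13:58:40 +0100] "GET /product_info.php?products_id=3 HTTP/1.1" 200 6011 "http://shop.example/index.php" "Mozilla/5.0"',
    '198.51.100.7 - - [30/Sep/2007:14:01:09 +0100] "POST /checkout_process.php HTTP/1.1" 302 20 "http://shop.example/checkout_confirmation.php" "Mozilla/5.0"',
    '203.0.113.50 - - [30/Sep/2007:14:02:11 +0100] "POST /checkout_process.php HTTP/1.0" 302 20 "-" "libwww-perl/5.805"',
    '203.0.113.50 - - [30/Sep/2007:14:02:13 +0100] "POST /checkout_process.php HTTP/1.0" 302 20 "-" "libwww-perl/5.805"',
    'garbage line',
]

if __name__ == "__main__":
    for hit in suspicious_order_posts(SAMPLE_LOG):
        print(*hit)
```

Match the timestamps of the flagged requests against the order dates of the spam orders in the admin area; the heuristic only narrows down which requests to read in full.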


  • Banned (with Prison Access) Posts: 8,486 ✭✭✭miju


    well actually i think it is it'd look something like 9PaSwORD9 (not the actual password - use 2 instead :) )

