Results 1 to 5 of 5

Thread: website hacked?

  1. #1

    Unhappy website hacked?

    My antivirus software found a virus in my local backup of my website. So I surfed to the corresponding URL on my site, and I'm looking at a black page that shows all directories and files on the hosting space. At the top is some ASCII graphics that say "GNY.Shell" . So I assume I've been hacked. Nobody's defaced the main page, but basically I need to know how to remove these files and prevent this type of thing from happening again.

    Can anyone give me some pointers or a link to a tutorial about securing my site? It's running on ZenCart.

    Thank you for any help! I'm going to go search on the zen cart site for some security tutorial posts.
    Analog = Classical
    Digital = Techno

  2. #2
    Banned
    Join Date
    Jan 2008
    Posts
    605
    Just remove the web based shell and turn register_globals, allow_url_fopen, and allow_url_include off. The very least people could do is htaccess their cpanel-ish scripts.

  3. #3
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    And make sure you update the software (1.3.8 I believe is the latest verson of ZenCart. GYNshell has been around for years, but the most recent update was the middle of last month.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  4. #4
    Quote Originally Posted by The-Spec View Post
    Just remove the web based shell and turn register_globals, allow_url_fopen, and allow_url_include off. The very least people could do is htaccess their cpanel-ish scripts.
    Ok... I understand deleting the shell/php file, but the register_globals, allow_url_fopen and url_include ... where would I make those changes?

    This is hosted on a server that I don't have control over. Is that on their end or are these settings in ZC?
    Analog = Classical
    Digital = Techno

  5. #5
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    What OS is zen cart running on?

    If linux/osx, I suggest you check the file permissions. Part of the linux install of zen cart requires the installer to change the file permissions to 777. Then you are supposed to change it back (644 or 444) after the install (as well as change the name of the install script).

    CSR
    Last edited by Cheap Scotch Ron; April 16th, 2010 at 12:35 PM.
    In God We Trust....Everything else we backup.

Similar Threads

  1. Website Administration
    By jethro in forum The Security Tutorials Forum
    Replies: 4
    Last Post: August 9th, 2006, 10:13 AM
  2. Guantanamo Bay Military Website Hacked
    By Egaladeist in forum AntiOnline's General Chit Chat
    Replies: 1
    Last Post: August 1st, 2005, 01:32 PM
  3. How to recover from hacked website?
    By ksel_ah in forum Web Security
    Replies: 7
    Last Post: November 19th, 2004, 05:01 AM
  4. someone has hacked my website..
    By diehard in forum Newbie Security Questions
    Replies: 15
    Last Post: July 1st, 2003, 09:50 AM
  5. FAA website hacked
    By BrainStop in forum AntiOnline's General Chit Chat
    Replies: 12
    Last Post: April 28th, 2002, 01:21 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •