-
April 12th, 2010, 05:13 AM
#1
website hacked?
My antivirus software found a virus in my local backup of my website. So I surfed to the corresponding URL on my site, and I'm looking at a black page that shows all directories and files on the hosting space. At the top is some ASCII graphics that say "GNY.Shell" . So I assume I've been hacked. Nobody's defaced the main page, but basically I need to know how to remove these files and prevent this type of thing from happening again.
Can anyone give me some pointers or a link to a tutorial about securing my site? It's running on ZenCart.
Thank you for any help! I'm going to go search on the zen cart site for some security tutorial posts.
Analog = Classical
Digital = Techno
-
April 12th, 2010, 08:03 AM
#2
Just remove the web based shell and turn register_globals, allow_url_fopen, and allow_url_include off. The very least people could do is htaccess their cpanel-ish scripts.
-
April 13th, 2010, 02:38 PM
#3
And make sure you update the software (1.3.8 I believe is the latest verson of ZenCart. GYNshell has been around for years, but the most recent update was the middle of last month.
\"Ignorance is bliss....
but only for your enemy\"
-- souleman
-
April 16th, 2010, 07:56 AM
#4
Originally Posted by The-Spec
Just remove the web based shell and turn register_globals, allow_url_fopen, and allow_url_include off. The very least people could do is htaccess their cpanel-ish scripts.
Ok... I understand deleting the shell/php file, but the register_globals, allow_url_fopen and url_include ... where would I make those changes?
This is hosted on a server that I don't have control over. Is that on their end or are these settings in ZC?
Analog = Classical
Digital = Techno
-
April 16th, 2010, 12:29 PM
#5
What OS is zen cart running on?
If linux/osx, I suggest you check the file permissions. Part of the linux install of zen cart requires the installer to change the file permissions to 777. Then you are supposed to change it back (644 or 444) after the install (as well as change the name of the install script).
CSR
Last edited by Cheap Scotch Ron; April 16th, 2010 at 12:35 PM.
In God We Trust....Everything else we backup.
Similar Threads
-
By jethro in forum The Security Tutorials Forum
Replies: 4
Last Post: August 9th, 2006, 10:13 AM
-
By Egaladeist in forum AntiOnline's General Chit Chat
Replies: 1
Last Post: August 1st, 2005, 01:32 PM
-
By ksel_ah in forum Web Security
Replies: 7
Last Post: November 19th, 2004, 05:01 AM
-
By diehard in forum Newbie Security Questions
Replies: 15
Last Post: July 1st, 2003, 09:50 AM
-
By BrainStop in forum AntiOnline's General Chit Chat
Replies: 12
Last Post: April 28th, 2002, 01:21 AM
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|