MrFewkes - 11:49 am on Mar 15, 2011 (gmt 0)

Hi,

One of the hacks ive had to deal with under OScommerce is where files (.php scripts) are being uploaded to a directory on my server and then executed at a later date.

Make the directory a 755 helps here - but I was wondering how to stop the hackers uploading the files in the first place.

My host says this.

*****
Generally a site which is compromised will be via POST commands and usually is unpatched 3rd party apps like oscommerce etc *******

Now this is ok as it gives me something to look at - my host then says the following ....

******
In terms of the way they have accessed the site it could be one of the following:

IP ADDRESS REMOVED - - "POST /catalog/admin/categories.php/login.php?cPath=&action=new_product_preview HTTP/1.1" 200 14679 "-" "libwww-perl/5.803"
******

Can anyone advise me what this means? How it results in them "accessing" my site - and how it results in them being able to upload files?

Thanks in advance
Fewkes