MrFewkes - 11:49 am on Mar 15, 2011 (gmt 0)
One of the hacks ive had to deal with under OScommerce is where files (.php scripts) are being uploaded to a directory on my server and then executed at a later date.
Make the directory a 755 helps here - but I was wondering how to stop the hackers uploading the files in the first place.
My host says this.
Generally a site which is compromised will be via POST commands and usually is unpatched 3rd party apps like oscommerce etc *******
Now this is ok as it gives me something to look at - my host then says the following ....
In terms of the way they have accessed the site it could be one of the following:
IP ADDRESS REMOVED - - "POST /catalog/admin/categories.php/login.php?cPath=&action=new_product_preview HTTP/1.1" 200 14679 "-" "libwww-perl/5.803"
Can anyone advise me what this means? How it results in them "accessing" my site - and how it results in them being able to upload files?
Thanks in advance