Welcome to WebmasterWorld Guest from

Forum Moderators: phranque

Message Too Old, No Replies

Hackers uploading files - Help needed.

11:49 am on Mar 15, 2011 (gmt 0)

Preferred Member

joined:Jan 7, 2010
votes: 0


One of the hacks ive had to deal with under OScommerce is where files (.php scripts) are being uploaded to a directory on my server and then executed at a later date.

Make the directory a 755 helps here - but I was wondering how to stop the hackers uploading the files in the first place.

My host says this.

Generally a site which is compromised will be via POST commands and usually is unpatched 3rd party apps like oscommerce etc *******

Now this is ok as it gives me something to look at - my host then says the following ....

In terms of the way they have accessed the site it could be one of the following:

IP ADDRESS REMOVED - - "POST /catalog/admin/categories.php/login.php?cPath=&action=new_product_preview HTTP/1.1" 200 14679 "-" "libwww-perl/5.803"

Can anyone advise me what this means? How it results in them "accessing" my site - and how it results in them being able to upload files?

Thanks in advance
3:05 am on Apr 1, 2011 (gmt 0)

Senior Member from KZ 

WebmasterWorld Senior Member lammert is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 10, 2005
posts: 2886
votes: 1

Hi Fewkes,

Did you already find a solution for your hacking problem? The logfile entry provided by your hosting company suggests that the login.php script has some hole in it which can be misuses. The first thing to do is update to the latest version of the application you use and check their security announcements if this is a known bug and has been fixed.
4:23 pm on Apr 22, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Apr 30, 2007
votes: 0

The main way to truly protect the admin folders is to use your host's password protect directories from your cpanel. Make sure you lock it down from there. You cannot protect the osC admin folder from the application level there just too many factors.

In fact the login page that was introduced with the RC versions made security very weak as merchants believe the back end cannot be compromised and do not add the password from the cpanel which is a grave mistake.