Results 1 to 10 of 26

Threaded View

  1. #7
    Join Date
    Jun 2007
    Posts
    42
    Plugin Contributions
    0

    Default Re: Security or hacking issues ?

    Quote Originally Posted by DrByte View Post
    If you look at the "refer:" addresses in the logs you posted, you'll notice that those sites come from various places around the world. And, the fact that they're in your logs as referers suggests that something on "those" websites is a link back to *your* website.
    That's likely where your increased traffic is coming from.

    You may have to do some research to track down what's on their site that resembles a link to your URL.

    I suppose it's possible that maybe they're all victims of a hack exploitation where someone's put links from their site to your site and maybe specifically into an exploit on *your* server that they're trying to create a curtain to hide behind.

    While none of this specifically implicates anything specific to Zen Cart, your site may have been compromised.

    I recommend that you treat it as though your site *may* have been compromised, and follow all the steps for recovering from hacks, as documented here:

    http://www.zen-cart.com/wiki/index.php/Recovering_From_Hacks

    I would also recommend the research of those other sites and ask their owners to take off the links to your site.
    ----------------------------------------
    ----------------------------------------

    Thanks

    the URL you point to as to recovering from hacks :

    We cannot compare orginal Zencart files as we did not manually install the software as it is a function of the hosting service.

    Orginally we simply clicked on a install function as hostmonster the host has Zencart as a program and it installs the software into our domain directory. Until last week Version 1.3.7 was being used and this security problem was seen.

    Hostmonster had the newest 1.3.8a and we simply hit a update icon on hostmonster and it does the software updating thus we do not have the orginal files.

    Doing the update process I assume overwrote all the files of V 1.3.7 and same issue is seen with new files being used so you'd think if someone hacked a Zencart file it was overwritten and problem would have went away but its not with V 1.3.8.

    In using the "check MySQL" for database of Zencart on hostmonster I see

    teamzron_zc1.ubbt_BANNED_USERS OK teamzron_zc1.ubbt_BBCODE OK
    teamzron_zc1.ubbt_CACHE warning : 3 clients are using or haven't closed the table properly status : OK
    teamzron_zc1.ubbt_CACHED_PERMISSIONS warning : 3 clients are using or haven't closed the table properly
    -------------------------
    At that time I saw only ONE user on Zencart but SQL check says 3 clients have not closed the table properly
    Is that any clue with those warnings shown ?

    Is there any log for Zencart so we could see all visitors who were on the frontstore for the day to backtrack where they came from ?
    Last edited by teamzr1; 11 Sep 2008 at 04:28 PM.

 

 

Similar Threads

  1. ie security issues
    By AmandaGero in forum General Questions
    Replies: 2
    Last Post: 11 Sep 2010, 05:59 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg