Koozali.org: home of the SME Server

website appears hacked - unable to sign on as root remotely

CopagJoe

« on: February 11, 2006, 01:21:16 AM »
Mid-afternoon today my website suddenly started to behave strangely. Some screens were changed in appearance. Even when I replace the source from my local server, it doesn't fix the problem. I am also no longer able to sign on remotely. I went to the server location and signed on fine. Rebooted the server. Still have the same problems. Any help is appreciated. My site is worthless right now: www.cardsbycopag.com. I am using CRE 6.15 osCommerce with significant mods.

ldkeen

« Reply #1 on: February 11, 2006, 07:39:04 AM »
You really should be sending your request to securityATlists.contribs.org. There are some known vulnerabilities with CRE 6.15. Did you apply the patch for the exploit described here? http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0478
I would be downloading rkhunter and doing a full system scan. Also, if you can get local root access, go back through the bash history (by hitting the up arrow key) and see if you can see anything strange.
Regards, Lloyd

pfloor

Re: website appears hacked - unable to sign on as root remot
« Reply #2 on: February 11, 2006, 09:57:21 AM »
Quote from: "ldkeen"
You really should be sending your request to securityATlists.contribs.org.

No, he should be discussing the security problems with the people at CRE and osCommerce.
Quote
There are some known vulnerabilities with CRE 6.15. Did you apply the patch for the exploit described here? http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0478

I think it's too late for the patch. The hackers have already done their damage. He will most likely need to re-load the website from scratch, as the attacker is able to copy, delete and change files at will. It is classified as a level 7 vulnerability!
In life, you must either "Push, Pull or Get out of the way!"
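
An added example, not part of the original thread: since the replies note that files on the site may have been changed at will, one way to see what differs before reloading is to hash a known-good local copy of the site against the live web root. The function names and the two directory arguments are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: compare a known-good copy of a site with the live web root.
# Both directory paths are supplied by the caller (hypothetical arguments).

# manifest DIR: print "sha256  ./relative/path" for every regular file in DIR.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + )
}

# compare_trees GOOD LIVE: print one sorted line per difference:
#   ADDED path     only in the live tree (for example a dropped script)
#   MISSING path   only in the known-good copy
#   MODIFIED path  content differs from the known-good copy
compare_trees() {
    good_list=$(mktemp)
    live_list=$(mktemp)
    manifest "$1" > "$good_list"
    manifest "$2" > "$live_list"
    # sha256sum prints 64 hex characters, two separator characters, then the
    # path, so the path starts at column 67 even when it contains spaces.
    awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { good[path] = hash; next }
        {
            seen[path] = 1
            if (!(path in good))          print "ADDED", path
            else if (good[path] != hash)  print "MODIFIED", path
        }
        END { for (p in good) if (!(p in seen)) print "MISSING", p }
    ' "$good_list" "$live_list" | LC_ALL=C sort
    rm -f "$good_list" "$live_list"
}

# Stand-alone use: script.sh /path/to/known-good /path/to/live-docroot
if [ "$#" -eq 2 ]; then
    compare_trees "$1" "$2"
fi
```

Tools on a compromised host can themselves be altered, so the comparison is more trustworthy when run from rescue media or with the disk mounted on another machine.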