Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: CopagJoe on February 11, 2006, 01:21:16 AM

Title: website appears hacked - unable to sign on as root remotely
Post by: CopagJoe on February 11, 2006, 01:21:16 AM

Mid afternoon today my website suddenly started to behave strangely. Some screens were changed in appearance. Even when I replace the source from my local server it doesn't fix the problem. I am also no longer able to sign on remotely. I went to the server location, signed on fine. Rebooted the server. Still have the same problems. Any help is appreciated. My site is worthless right now. www.cardsbycopag.com I am using CRE 6.15 oScommerce with significant mods

Title: website appears hacked - unable to sign on as root remotely
Post by: ldkeen on February 11, 2006, 07:39:04 AM

You  really should be sending your request to securityATlists.contribs.org. There are some known vulnerabilities with CRE 6.15, did you apply the patch for the exploit described here: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0478 I would be downloading rkhunter and do a full system scan. Also if you can get local root access go back through the bash history (by hitting the up arrow key) and see if you can see anything strange.
Regards Lloyd

Title: Re: website appears hacked - unable to sign on as root remot
Post by: pfloor on February 11, 2006, 09:57:21 AM

Quote from: "ldkeen"

You  really should be sending your request to securityATlists.contribs.org.

No, he should be discussing the security problems with the people at CRE and OScommerce.  

Quote

There are some known vulnerabilities with CRE 6.15, did you apply the patch for the exploit described here: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0478

I think it's too late for the patch.  The hackers have already done their damage.  He will most likely need to re-load the website from scratch as the attacker is able to copy, delete, change files at will.  It is classified as a level 7 valnurability!