What does the virus do?
On an osCommerce site, malware typically does the following:
- Creates a form that asks visitors for confidential data they should
not need to enter, such as order details or PayPal details. Once someone
fills in these details, they are emailed to a third party for misuse.
- Adds links to other websites to generate traffic for those links.
- Uses a redirector to redirect the customer to another site.
- Uses an iframe to display unauthorized content with a link to a website.
So basically there are two objectives:
- Steal data.
- Divert traffic to another website.
Different ways in which the hacks are achieved:
1) SQL injection
2) Modifying .htaccess and writing error 404 rules or rewrite rules.
3) Placing some JavaScript.
4) Placing .php or other files that execute and modify other files.
How to find out what is wrong?
Download all the code and check the following:
- External links.
- JavaScript code that has eval in it.
- Your .htaccess file.
- The image folder and other folders.
- Whether permissions are 777 or otherwise writable.
- Use some scanning references to check for valueval pass and
analyze the code.
- Your error log.
- Your access log.
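The file-level checks in the list above (eval in scripts, external links, .htaccess rules, PHP files in the image folder, 777-style permissions) can be run over the downloaded copy with a short script. This is an added example, not code from the original post; the patterns, the `images` folder name, the function names and the sample hosts are assumptions.

```python
import os
import re
import stat

# Heuristics for the checklist items above (assumed patterns, not full signatures).
EVAL_RE = re.compile(r"\beval\s*\(")
LINK_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
HTACCESS_RE = re.compile(r"^\s*(?:RewriteRule|ErrorDocument\s+404)\b.*$", re.I | re.M)
SCAN_SUFFIXES = (".php", ".js", ".htm", ".html", ".htaccess")

def scan_site(root, own_host, image_dir="images"):
    """Return sorted (relative_path, reason) findings for a local copy of the site."""
    findings = set()
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if os.path.islink(path):
                continue
            if os.stat(path).st_mode & stat.S_IWOTH:  # world-writable, e.g. 777
                findings.add((rel, "world-writable"))
            lower = name.lower()
            if os.path.isdir(path) or not lower.endswith(SCAN_SUFFIXES):
                continue
            if lower.endswith(".php") and image_dir in rel.split("/")[:-1]:
                findings.add((rel, "PHP file in image folder"))
            with open(path, errors="replace") as fh:
                text = fh.read()
            if lower == ".htaccess":  # list rewrite/404 rules for manual review
                findings.update((rel, "rule: " + r.strip()) for r in HTACCESS_RE.findall(text))
            if EVAL_RE.search(text):
                findings.add((rel, "eval() call"))
            hosts = {h.lower() for h in LINK_RE.findall(text)}
            findings.update((rel, "external link: " + h) for h in hosts
                            if h != own_host and not h.endswith("." + own_host))
    return sorted(findings)

def make_sample(root):
    """Write a small constructed site copy; every name and host is made up."""
    files = {
        "index.php": '<a href="http://www.shop.example/"></a><iframe src="http://ads.example/f">',
        "includes/footer.js": 'var s = "1+1"; eval(s);',
        "images/thumb.php": "<?php // constructed placeholder ?>",
        ".htaccess": "RewriteEngine On\nErrorDocument 404 http://other.example/landing\n",
    }
    for rel, body in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    os.chmod(os.path.join(root, "images"), 0o777)
```

Call scan_site on the downloaded copy with your own domain as own_host. Each finding is a lead for manual review rather than proof of infection.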
Prevention:
Prevention basically covers three things:
• Your site itself.
• The password of the software used to upload content to the site.
• The computer from which content is uploaded.
How does one protect one's site?
- Ensure that all third-party scripts or tools used on the site have
the latest security updates, or ask the hosting company to apply
them.
- Delete unwanted folders, files, scripts and services that are no
longer in use.
- Occasionally change the password of the software used to upload
content to the site.
Use a strong password.
- Give appropriate file permissions.
- Disable the file manager in admin.
- The site admin should be password protected (.htaccess).
- Keep the computer used for the site's upload and download activities
up to date with all necessary operating system updates
and a strong antivirus with all the latest updates.
Recommendations:
- It is always recommended not to keep a soft copy of the site
access details on the computer.
- Take regular code and database backups.
- A few security add-ons are available for osCommerce; these
should be installed on the site.
You can find the original post here: http://www.oscprofessionals.com/blog/