fenix-store.com hacked!

4sevens

Flashlight Enthusiast
Joined
Feb 29, 2004
Messages
2,876
Location
Atlanta, GA
hey folks...

My webstore just got hacked!!! Seems like pictures won't load in IE
but firefox still works. I try to connect to the server via SSH and it's
blocked. What's going on? I heard another flashlight web store
also got hacked recently. :(
 

raggie33

*the raggedier*
Joined
Aug 11, 2003
Messages
13,453
4seven, I heard something about hackers who are protesting the war did it to some sites, but I may have misunderstood the post. I'll see if it loads with IE, I'll be right back. OK, I'm back: loaded with Firefox only. Maybe the site is just messed up; I doubt a hacker would hack it like that?
 

DonShock

Flashlight Enthusiast
Joined
Dec 28, 2005
Messages
1,641
Location
Belton Texas
It was Light-Edge that got hacked and he's back up now. But when he got hacked, the home page was changed with a bunch of foreign language stuff.
 

raggie33

*the raggedier*
Joined
Aug 11, 2003
Messages
13,453
I just see the image properties on IE don't match what they are on Firefox
 

cheapo

Flashlight Enthusiast
Joined
Jan 5, 2005
Messages
3,326
it works like a champ on firefox, but yeah, on explorer... :(

-David
 

LEDninja

Flashlight Enthusiast
Joined
Jun 15, 2005
Messages
4,896
Location
Hamilton Canada
Works fine on both netscape and icab.

IE has not worked for me at all anywhere since my IP upgraded his software 3 months ago (sympatico/msn). Check with the server administrator.
 

gregw

Flashlight Enthusiast
Joined
Jun 7, 2004
Messages
1,511
Location
Hong Kong
It's obvious that you are using OSCommerce... Have you patched it to the latest version? There's probably a bug in it that allows hackers to get into your server. A few weeks ago, I was tracking this spammer phishing Paypal, and the guy was exclusively using OSCommerce sites to upload his PHP and HTML pages.

BTW, when I load your site on IE, it looks like the images link to "http:///images/filename.JPG" instead of "http://fenix-store.com/images/filename.JPG". Taking a close look at the source, there is a line "<base href="">".. You need to get rid of this for the site to work in IE...
 
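A post-deployment check for the `<base href="">` problem gregw describes above, as an added example that is not part of the original thread: it parses a page, flags an empty or host-less `<base href>`, and shows where relative image paths resolve under standard URL resolution. It goes slightly beyond the thread by also flagging a `<base href>` that points to a different host; `audit_page` and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class BaseAudit(HTMLParser):
    """Collect <base href> values and <img src> values from one page."""

    def __init__(self):
        super().__init__()
        self.base_hrefs = []
        self.images = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and "href" in attrs:
            # href="" and a bare href attribute both count as empty
            self.base_hrefs.append((attrs["href"] or "").strip())
        elif tag == "img" and attrs.get("src"):
            self.images.append(attrs["src"])


def audit_page(html, page_url):
    """Return (findings, resolved image URLs) for a page served at page_url."""
    parser = BaseAudit()
    parser.feed(html)
    findings = []
    base = page_url  # fallback when there is no usable <base href>
    if len(parser.base_hrefs) > 1:
        findings.append("multiple <base href> tags")
    if parser.base_hrefs:
        href = parser.base_hrefs[0]  # only the first <base href> is honoured
        parts = urlsplit(href)
        if not href:
            findings.append("empty <base href>")
        elif parts.scheme and not parts.netloc:
            findings.append("<base href> has no host: " + href)
        else:
            base = urljoin(page_url, href)
            if urlsplit(base).netloc != urlsplit(page_url).netloc:
                findings.append("<base href> points off-site: " + href)
    return findings, [urljoin(base, src) for src in parser.images]


# Constructed sample modelled on the markup quoted in the thread.
BROKEN = '<html><head><base href=""></head><body><img src="images/filename.JPG"></body></html>'
FIXED = BROKEN.replace('href=""', 'href="http://fenix-store.com/"')
PAGE = "http://fenix-store.com/index.php"

if __name__ == "__main__":
    for label, doc in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_page(doc, PAGE))
```

Running a check like this against rendered storefront pages after a platform or PHP upgrade catches a blank base URL before customers see broken images.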

Skyclad01

Enlightened
Joined
Oct 3, 2005
Messages
283
Location
AZ.
This really doesn't look like a hack. Looks more like a site/server error as all the text is there and everything is in its correct place and all the links are true. Just no colors or images.
 

4sevens

Flashlight Enthusiast
Joined
Feb 29, 2004
Messages
2,876
Location
Atlanta, GA
Skyclad01 said:
This really doesn't look like a hack. Looks more like a site/server error as all the text is there and everything is in its correct place and all the links are true. Just no colors or images.

That's the strange thing. I never changed any code and it happened all
of a sudden.

gregw said:
It's obvious that you are using OSCommerce... Have you patched it to the latest version? There's probably a bug in it that allows hackers to get into your server. A few weeks ago, I was tracking this spammer phishing Paypal, and the guy was exclusively using OSCommerce sites to upload his PHP and HTML pages.

BTW, when I load your site on IE, it looks like the images link to "http:///images/filename.JPG" instead of "http://fenix-store.com/images/filename.JPG". Taking a close look at the source, there is a line "<base href="">".. You need to get rid of this for the site to work in IE...

Hmm... well if I could SSH into the site I would look into it but SSH
seems to be down. I've already put in a trouble ticket. :(

Well, if it was a hack, I'd have to say this is one and probably the only
one advantage of paypal... no credit card info is stored on my site.
all of it is on paypal's site.
 

shaman

Newly Enlightened
Joined
Jun 12, 2005
Messages
160
Location
Under God.
You might want to make sure YOUR site is up and not a spoofed phantom site. There have been spoofer sites that look identical in every way to their original sites, but of course the owner is not the good but the bad. Spoofer sites will gather CC#s and other personal/private information. You may want to call the ISP if you do not host the site. The weird things that stand out in my mind are that SSH is now off, and the website content has changed (but you haven't changed it). I AM NOT SAYING YOU ARE HACKED at this point mind you, but you will definitely want the ISP's stance on why SSH is off and content has changed. If it is testing they need to say so, if it is maint. then they need to say so. You need more information and clarification, especially since you are the only one here that knows the "norm" of your site.

Sincerely,

Shaman.
 

4sevens

Flashlight Enthusiast
Joined
Feb 29, 2004
Messages
2,876
Location
Atlanta, GA
update.... they changed the ssh port :) that's why i couldn't get it.

turns out I didn't get hacked. they updated PHP to the newest version
and broke something.... it should be working now :)

phew! that was scary. :)

Gregw, your advice really helped. it was the base url thingy. :D
 

shaman

Newly Enlightened
Joined
Jun 12, 2005
Messages
160
Location
Under God.
Glad to read all is well. You showed a good sign of character, even if the problem wasn't what was originally thought.

Sincerely,

Shaman
 