my site hacked by pharamacy100.co.uk

6 years ago
Hello,

my site images are hacked by
pharmacy100.co.uk

My site is hosted on Arvixe shared hosting plan. I have also reached out to them for help.

I have closed the store for now  and deleted the settings.txt file that stores database connection info.
I am using latest nopcommerce 3.10

please help.

Thank you.
6 years ago
Can you explain the type of hack?
cross-site scripting? SQL injection?
6 years ago
use windows identity instead. Do not open your sql database for incoming piped names and tcp/ip traffic. If you are on a shared hosting plan you might run into problems. If nopcommerce would allow multiple store hosting, I would be the first to launch a dedicated server for low budget shared hosting to comfort the low traffic web sites in a good manner.
6 years ago
Hi
For my client account same issue did too . Setting files in shared hosting hacked  . Then shut down site . Then changed and fixed  .
6 years ago
Hi,

If you are hacked, you likely want to reset all users passwords and move to another fresh installed server.

It can also happen that the shared hosting party is sharing various systems on 1 server. Than you might have to be careful since the security of for instance php and iis are quite different. iis will block other files by default than php on an apache server.

J.
6 years ago
beefydog wrote:
Can you explain the type of hack?
cross-site scripting? SQL injection?


I have hosted my site on shared server at Arvixe.

The image link gets modified to...
src="http://www.pharmacy100.co.uk/content/images/thumbs/IMAGE_NAME_GOES_HERE"

IMAGE_NAME_GOES_HERE = Image name file you have given. Ex. log.jpg

Temp solution:
Log in as admin and "Clear Cache"

I see below attacks regularly...

The controller for path '/MyAdmin/scripts/setup.php' was not found or does not implement IController.
The controller for path '/myadmin/scripts/setup.php' was not found or does not implement IController.
The controller for path '/cgi-bin/php4' was not found or does not implement IController.

Thank you.
6 years ago
OK. Somebody tries opening these links. They don't exist and hence appropriate records are added to log.  You can ignore these log messages. It doesn't mean that your site was hacked.