use windows identity instead. Do not open your sql database for incoming piped names and tcp/ip traffic. If you are on a shared hosting plan you might run into problems. If nopcommerce would allow multiple store hosting, I would be the first to launch a dedicated server for low budget shared hosting to comfort the low traffic web sites in a good manner.
If you are hacked, you likely want to reset all users passwords and move to another fresh installed server.
It can also happen that the shared hosting party is sharing various systems on 1 server. Than you might have to be careful since the security of for instance php and iis are quite different. iis will block other files by default than php on an apache server.
Can you explain the type of hack? cross-site scripting? SQL injection?
I have hosted my site on shared server at Arvixe.
The image link gets modified to... src="http://www.pharmacy100.co.uk/content/images/thumbs/IMAGE_NAME_GOES_HERE"
IMAGE_NAME_GOES_HERE = Image name file you have given. Ex. log.jpg
Temp solution: Log in as admin and "Clear Cache"
I see below attacks regularly...
The controller for path '/MyAdmin/scripts/setup.php' was not found or does not implement IController. The controller for path '/myadmin/scripts/setup.php' was not found or does not implement IController. The controller for path '/cgi-bin/php4' was not found or does not implement IController.
OK. Somebody tries opening these links. They don't exist and hence appropriate records are added to log. You can ignore these log messages. It doesn't mean that your site was hacked.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.