SPAM being linked to my Terms and Conditions
    SPAM being linked to my Terms and Conditions

    Hi, using V8 Business with the latest available upgrade and standard Actinic out of the box, unmodified template.

    Within my shopping cart there is a link to my T&C's. If you click this, up comes a Viagra-type site (spotted this yesterday). If you carry on the checkout process, the T&C's display as part of the checkout process without problems.

    I don't really understand the security implications about stopping these attacks, but I have configured my site through the upload options within Actinic, and I assume Actinic would set all the Directory security accordingly?

    Any pointers as to how I can block / change directory settings ?

    Before this problem arose I had switched to test mode and was experimenting with some layout changes. Could this have somehow picked up the spam and then uploaded it into my Production site ? How does the Test Mode actually work from a security perspective ?

    If I restore my site backup (2 days old) do you think this might resolve this or should I delete every directory on my host site and reload again ?

    If I restore my site backup, will I lose my recent orders ?
    Thanks

    Anthony Kudzin

    #2
    More than likely you should talk to your host about this; I would suspect a security breach on the server.



      #3
      I don't think the cart normally has a link to the terms and conditions. Is this something you entered manually and are you sure the link is correct ?

      As usual a link to the problem would be helpful. (You can always remove it later).

      Mike
      -----------------------------------------

      First Tackle - Fly Fishing and Game Angling

      -----------------------------------------



        #4
        It's probably Step 1 Mike, where it says Shopping Cart at the top but it's actually page 1 of the checkout process.

        PS - no comments of 'oh sorry haven't seen stage 1 for a while' lol .



          #5
          Hmmm, quite a few hacked Actinic sites lately? Could it be due to the recent discussions on Actinic's holes? Maybe the mods need to remove those threads.



            #6
            OK. The problem is the T+Cs link on the catalog pages. It's not obvious to me where the page is coming from though. See for yourself:

            http://www.liassis.com/acatalog/

            Mike
            -----------------------------------------

            First Tackle - Fly Fishing and Game Angling

            -----------------------------------------



              #7
              Certainly seems odd... it's also happening with the 'home' and 'shop' links.
              One thing I did notice is that you have html formatting in your links. Strip that out and see what effect that has.
              Still no idea where the junk is coming in though!
              Tracey



                #8
                http://vsa.vassar.edu/ - students hacking???



                  #9
                  That is trashed; wipe the server, contact the host and start again. Must be server related IMO. It's working really slowly also; maybe a good time to consider a new host. Who is it with at the moment?



                    #10
                    Looks like he's using prontohosts?

                    http://community.actinic.com/showthread.php?t=32468

                    It looks like he also pasted his username and password onto the forum so that may have been seen or looked for in a cached version of the page.

                    My advice would be to change the username and password and then wipe the server and start again.

                    Mike
                    -----------------------------------------

                    First Tackle - Fly Fishing and Game Angling

                    -----------------------------------------



                      #11
                      RE: SPAM on Actinic Site

                      Hi,

                      Thanks for all your active comments.

                      Some updates; Prontohosts are not the hosts. Webdockers are.

                      I gave up on Prontohosts when they could not support some technical aspect that Actinic required, a long time ago.

                      My passwords were not knowingly posted; if you look at the post image they were replaced by xxxxx. Additionally they are completely different under Webdockers. So I don't think they have been gleaned from a post.

                      The ISP people (Webdockers) say nothing is wrong with their security, but something must be wrong with my directory structures allowing Global access (777 v 755 etc.) to the hackers.

                      Other Actinic sites have been recently hacked apparently - do we know if the ISP and/or the Hacking site are often common, i.e. could an aggrieved ex-employee be passing details around ? I will change my ISP password and check directory settings (Employees would not have password access I expect).

                      Could somebody tell me if I will lose my recent orders if I restore a recent snapshot ? I presume I do as the database is restored too ?

                      I presume the advice is to clear down the server directories and re-upload Actinic and then check all directory settings and block global write/execute access everywhere ?

                      Maybe Actinic should provide a security check tool ?

                      When you run in Test Mode, Actinic creates test directories and then removes them. Is it possible you can pick up something from Test Mode which you then publish into Production unwittingly or are test mode environments locked down ?
                      Thanks

                      Anthony Kudzin



                        #12
                        Just an update,

                        All /acatalog files were already set to 644. I found a file called 149401.php in the acatalog directory and have deleted it. It now no longer points to the spam links, but does not point back to Actinic either. When I get back to my home PC with Actinic on I will try reloading the website in the hope that all original links are restored to their supposed html pages.

                        I have nothing set to 777, everything seems to be tight, so I don't understand how this 149401.php file works.
                        Thanks

                        Anthony Kudzin



                          #13
                          I found a file called 149401.php in the acatalog directory and have deleted it.
                          This still points to hacking activity which is due to server security, i.e. security holes in scripts on the server often unwittingly uploaded by other users on the server and not Actinic scripts.
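
Added example, not part of any post in this thread and not Actinic's or the host's tooling: a POSIX shell audit for the two things discussed above, world-writable permissions (777 vs 755) and stray PHP files such as the 149401.php reported in #12, plus a listing of recently changed files to compare against a backup date. It assumes the catalog directory should contain no PHP apart from names you pass as an allowlist; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not Actinic or hosting-provider tooling.
# Assumption: the catalog directory should hold no PHP except names you allowlist.

# Files/directories writable by every local account (o+w, e.g. 777 or 666).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# PHP-like files whose basename is not allowlisted: unexpected_scripts DIR [name ...]
unexpected_scripts() (
    dir=$1; shift
    find "$dir" -type f \( -iname '*.php' -o -iname '*.phtml' \) -print | sort |
    while IFS= read -r f; do
        ok=0
        for a in "$@"; do
            if [ "${f##*/}" = "$a" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then printf '%s\n' "$f"; fi
    done
)

# Files changed in the last N days, to compare with the date of a known-good backup.
recently_changed() {
    find "$1" -type f -mtime "-$2" -print | sort
}

# Print labelled findings; exit status is 1 when anything was reported.
audit_webroot() (
    dir=$1; shift
    out=$(world_writable "$dir" | sed 's/^/WORLD-WRITABLE /'
          unexpected_scripts "$dir" "$@" | sed 's/^/UNEXPECTED-SCRIPT /')
    if [ -n "$out" ]; then printf '%s\n' "$out"; fi
    [ -z "$out" ]
)

# Demo on a constructed directory; 149401.php is the name reported in the thread.
demo=$(mktemp -d)
mkdir "$demo/acatalog"
echo '<html></html>' > "$demo/acatalog/index.html"
echo '<?php /* constructed placeholder */ ?>' > "$demo/acatalog/149401.php"
chmod 644 "$demo/acatalog/"*
chmod 777 "$demo/acatalog"
audit_webroot "$demo" || echo "review the findings above"
rm -rf "$demo"
```

A clean result only says the permissions and file names look right now; it does not show how a file got written, which is why the replies point at the host and at credentials.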
