more than likely you should talk to your host about this, i would suspect a security breach on the server

I don't think the cart normally has a link to the terms and conditions. Is this something you entered manually and are you sure the link is correct ?

As usual a link to the problem would be helpful. (You can always remove it later).

Mike

It's probably Step 1 Mike, where it says Shopping Cart at the top but it's actually page 1 of the checkout process.

PS - no comments of 'oh sorry haven't seen stage 1 for a while' lol .

Hmmm quite a few hacked actinic sites lately? - could it be due to the recent discussions on actinics holes. Maybe the mods need to remove those threads

OK. The problem is the T+Cs link on the catalog pages. It's not obvious to me where the page is coming from though. See for yourelf:

http://www.liassis.com/acatalog/

Mike

certainly seems odd..it's also happening with the 'home' and 'shop' links
One thing I did notice is that you have html formatting in your links. Strip that out and see what effect that has.
Still no idea where the junk is coming in though!

http://vsa.vassar.edu/ - students hacking???

That is trashed, wipe the server, contact the host and start again, must be server related IMO. Its working really slow also, maybe a good time to consider a new host, who is it with at the moment?

Looks like he's using prontohosts?

http://community.actinic.com/showthread.php?t=32468

It looks like he also pasted his username and password onto the forum so that may have been seen or looked for in a cached version of the page.

My advice would be too change the username and password and then wipe the server and start again.

Mike

RE: SPAM on Acrtinic Site

Hi,

Thanks for all you active comments.

Some updates; Prontohosts are not the hosts. Webdockers are.

I gave up on Prontohosts when they could not support some technical aspect that Actinic required, a long time ago.

My passwords were not knowlingly posted, if you look at the post image they were replaced by xxxxx. Additionally they are completely different under Webdockers. So I don't think they have been gleened from a post

The ISP people (Webdockers) say nothing is wrong with their security, but something must be wrong with my directory structrues allowing Global access (777 v 755 etc.) to the hackers

Other Actinic sites have been recently hacked apparently - do we know if the ISP and/or the Hacking site are often common i.e. could an aggrived ex-employee be passing details around ? I will change my ISP password and check directory settings (Employees would not have password access I expect)

Could somebody tell me if I will lose me recent orders if I restore a recent snapshot ? I presume I do as the database is restored too ?

I presume the advice is to cleardown the server directories and re-upload Actinic and then check all directory settings and block global write/execute access everywhere ?

Maybe Actinic should provide a security check tool ?

When you run in Test Mode, Actinic creates test directories and then removes them. Is it possible you can pickup something from Test Mode which you then publish into Production unwittingly or are test mode environments locked down ?

Just an update,

all /acatalog files were already set to 644. I found a file called 149401.php in the acatalog directory and have deleted it. It now nolonger points to the spam links, but does not point back to actinic either. when I get back to my home PC with Actinic on I will try reloading the website in the hope that all original links are restored to their supposed html pages.

I have nothing set to 777, everything seems to be tight, so I don't understand how this 149401.php file works.

this still points to hacking activitiy which is due to server security ie security holes in scripts on the server often unwittingly uploaded by other users on the server and not actinic scripts.