Old 11-02-2006, 15:00   #2
SMHarman
Legal Alien
 
Join Date: Jun 2003
Services: Cablevision
Posts: 8,227
Re: Shopping carts hacked

AWstats is separate to xcart and would be an attack on that application that runs on many servers, not just xcart servers.

xcart is vulnerable to hacking, as is any other shopping cart site. People's credit card information is stored in the database, and it can cause financial hardship while your site is down, plus reputational loss / risk as you are offline and known to have been hacked.

Did you change the SALT code when you first installed the cart? This will change the encryption keys and make it harder to hack. Of course, if your site is up and running, changing this key is difficult as it will trash all the passwords.

Have you set the permissions on all folders correctly?

What folder is your xcart running in? Hopefully not blah.com/xcart/shop.php; the path gives a clear clue to which codebase the hacker is trying to get into. The best place to run the shop is actually in the root public_html folder, which helps SEO too.

Have you password protected the provider and the admin folder (better still, renamed them and password protected them), using .htaccess or, simpler still, using cPanel to write the .htaccess?

Does your robots.txt exclude the folders mentioned above?

Have you disabled indexes in the other folders?

If you do all the above and back up your code base and database regularly you have less to worry about. You should also patch your xcart with the security fixes sent out.

URL (702) Error Hits Referers
/xmlrpc.php 14 -
/blogs/xmlsrv/xmlrpc.php 10 -
/xmlsrv/xmlrpc.php 8 -
/blog/xmlsrv/xmlrpc.php 8 -
/_vti_inf.html 8 -
/wordpress/xmlrpc.php 8 -
/blog/xmlrpc.php 8 -
/xmlrpc/xmlrpc.php 8 -
/_vti_bin/shtml.exe/_vti_rpc 8 -
/drupal/xmlrpc.php 8 -
/phpgroupware/xmlrpc.php 8 -
/scgi-bin/awstats/awstats.pl 7 -
/cgi-bin/awstats/awstats.pl 6 -
/cgi-bin/awstats.pl 5 -
/blogs/xmlrpc.php 5 -
/scgi-bin/stats/awstats.pl 4 -
/cgi/awstats/awstats.pl 4 -
/stats/awstats.pl 4 -
/scripts/awstats.pl 4 -
/cgi-bin/stats/awstats.pl 4 -
/scgi-bin/awstats.pl 4 -
/scgi/awstats/awstats.pl 4 -

My log is equally bad; these are 404s though, so not much can happen if they see a 404.

Oh BTW - yes I run XCart
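The post above treats probes that come back as 404 as low risk. As an added example (not part of the original post), this sketch triages an access log for the same probe paths and flags any that were answered with something other than 404. It assumes Apache common/combined log format; the log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Probe signatures taken from the paths in the 404 report above.
PROBE_RE = re.compile(r"(?:/xmlrpc\.php|/awstats\.pl|/_vti_)", re.IGNORECASE)

# Apache log line: host ident user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [02/Nov/2006:14:01:11 +0000] "POST /xmlrpc.php HTTP/1.0" 404 208 "-" "-"
192.0.2.10 - - [02/Nov/2006:14:01:12 +0000] "POST /blog/xmlrpc.php HTTP/1.0" 404 208 "-" "-"
192.0.2.10 - - [02/Nov/2006:14:01:13 +0000] "GET /cgi-bin/awstats/awstats.pl HTTP/1.0" 404 208 "-" "-"
198.51.100.7 - - [02/Nov/2006:14:05:40 +0000] "GET /cgi-bin/awstats.pl HTTP/1.1" 200 5120 "-" "-"
198.51.100.7 - - [02/Nov/2006:14:05:41 +0000] "GET /_vti_inf.html HTTP/1.1" 404 208 "-" "-"
203.0.113.5 - - [02/Nov/2006:14:09:02 +0000] "GET /home.php?cat=3 HTTP/1.1" 200 9000 "-" "Mozilla/4.0"
"""

def triage(log_text):
    """Return (probes_per_host, served) for requests matching PROBE_RE.

    served lists probes answered with anything other than 404: the path
    exists or is handled, so it needs review, patching or removal.
    """
    per_host = Counter()
    served = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        if not PROBE_RE.search(path):
            continue  # ordinary traffic
        per_host[m.group("host")] += 1
        if m.group("status") != "404":
            served.append((m.group("host"), path, int(m.group("status"))))
    return per_host, served

if __name__ == "__main__":
    hosts, served = triage(SAMPLE_LOG)
    for host, count in hosts.most_common():
        print(f"{host}: {count} probe requests")
    for host, path, status in served:
        print(f"REVIEW: {path} answered {status} to {host}")
```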