Virus infected

Printed From: ProductCart E-Commerce Solutions
Category: ProductCart
Forum Name: Customizing ProductCart
Forum Description: Exchange messages with other users that are customizing ProductCart.
URL: https://forum.productcart.com/forum_posts.asp?TID=3359
Printed Date: 21-July-2025 at 12:40am
Software Version: Web Wiz Forums 12.04 - http://www.webwizforums.com


Topic: Virus infected
Posted By: matle
Subject: Virus infected
Date Posted: 18-January-2010 at 8:53pm
Hi all,
I successfully installed and customized our website with ProductCart more than a month ago. Unfortunately, last week, we got infected with a virus named Trojan.Malscript B, another noted with Trojan-Downloader.JS.Agent.ewo (Kaspersky AVP) & (ZoneAlarm)

I checked our sources and saw that all of our .js, .asp and .html files were infected. Those files were modified at the same time and date. Does anybody know how our site was infected? Is it because the hacker inserted a script in one of our input fields and this script was executed by our ProductCart software? Or was the hosting infected? Did our code produce something that was noted as a virus? Any possibilities, and how can we protect our site for the second time?

Thanks,




Replies:
Posted By: netprofits
Date Posted: 18-January-2010 at 9:00pm
Hi Matle,
 
Most likely your site was hacked by someone who "sniffed" your FTP credentials when you connected to your web site to either upload files or make additional updates to the web site. We have heard of this happening more often over the past several months.
 
The best solution is to ask your web hosting service to restore a backup from before the date the files were hacked.
 
Additionally, you should contact your web host to see if there is a way to either access your site with Secure FTP or to restrict FTP access to your computer's IP address.
 
Hope this helps!
 
Dan


-------------
NetProfits Internet Consulting

Certified ProductCart Developer

http://www.nicwebdesign.com - Our Site


Posted By: Greg Dinger
Date Posted: 18-January-2010 at 9:04pm
I second the suggestion of locking FTP to known IPs, perhaps those from both your home and office.
 
There was an attack last year where servers were being compromised by FTP, and regardless of changing the FTP password one day, the site was successfully attacked the next day. The hackers would insert IFRAME code into pages. Locking FTP to known IPs will help limit your exposure to such a recurrence.
 
Good luck.


-------------
GreyBeard Design Group

Certified ProductCart Developer

Web Design/Development/Hosting

http://tinyurl.com/5c8t4t - Add-Ons & Custom Code


Posted By: Hamish
Date Posted: 18-January-2010 at 9:05pm
Hi Matle,
   My suspicion is that the problem is server related, or another app on the same server.
Either that or an FTP account with sufficient privileges has been cracked.
  
Our own site and that of many customers are scanned regularly for vulnerabilities and there are no known vulnerabilities in the code.

The hosting company should be able to examine the server logs to help ID the source/route of infection.


-------------
Editing ProductCart Code?

See http://wiki.earlyimpact.com/developers/editcode - WIKI Guidelines for Editing ProductCart's ASP Source Code
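
The log review suggested in the replies above can be sketched as follows. This is an added example, not code from any poster or from ProductCart: it assumes the host can export FTP logs in W3C extended format with a `#Fields` directive, and the sample log, the account name, the addresses and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample log (W3C extended format); every address, account name
# and path below is made up for this example.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2010-01-10 09:14:02 198.51.100.20 shopadmin STOR /productcart/pc/custom.js 226
2010-01-11 03:41:10 203.0.113.77 shopadmin PASS - 230
2010-01-11 03:41:12 203.0.113.77 shopadmin RETR /productcart/pc/default.asp 226
2010-01-11 03:41:15 203.0.113.77 shopadmin STOR /productcart/pc/default.asp 226
2010-01-11 03:41:16 203.0.113.77 shopadmin STOR /productcart/includes/menu.js 226
2010-01-11 03:41:17 203.0.113.77 shopadmin STOR /images/logo.gif 226
2010-01-12 08:30:00 203.0.113.90 shopadmin STOR /index.html 550
"""

WEB_EXTENSIONS = (".js", ".asp", ".html", ".htm")  # file types named in the thread
UPLOAD_COMMANDS = {"STOR", "APPE", "STOU"}         # FTP commands that write files

def parse_w3c(text):
    """Yield one dict per record, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated records
                yield dict(zip(fields, values))

def suspicious_uploads(text, allowed_networks):
    """Return successful uploads of web content from outside the allowlist."""
    allowed = [ipaddress.ip_network(n) for n in allowed_networks]
    hits = []
    for rec in parse_w3c(text):
        if rec.get("cs-method", "").upper() not in UPLOAD_COMMANDS:
            continue
        if not rec.get("sc-status", "").startswith("2"):  # 2xx = completed
            continue
        path = rec.get("cs-uri-stem", "")
        if not path.lower().endswith(WEB_EXTENSIONS):
            continue
        client = ipaddress.ip_address(rec["c-ip"])
        if not any(client in net for net in allowed):
            hits.append((rec["date"], rec["time"], rec["c-ip"], rec["cs-username"], path))
    return hits

if __name__ == "__main__":
    for hit in suspicious_uploads(SAMPLE_LOG, ["198.51.100.0/24"]):
        print(*hit)
```

The timestamps of any hits can then be compared with the modification time shared by the infected files.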



Posted By: matle
Date Posted: 18-January-2010 at 9:18pm
Thanks all for the prompt reply.


