Zen Cart Email & Footer Site Hacks

By Melanie Prough on Friday, July 31, 2009
Filed Under: Zen Cart Tutorials

Zen Cart Security

Zen Cart Security

We have recently seen a rash of hacked Zen Carts. This breach or hack has a multiple pronged attack, but is most readily and commonly identified by a bunch of spammy links in the store footer and/or store emails and/or a broken Zen Cart registration form. You can easily follow the numerous hack reports in the “Hack Attempts” section at Zen Cart. Note that this hack attempts to with some success download your entire database and more specifically tries to obtain customer credit card numbers. The spammy pharm links inserted into the site’s pages are the least of your troubles, as the entire Zen Cart store directory will likely have had its site wide file permissions all changed to be writable as well. Make no mistake this is a very serious breach and you need to act immediately.

I am going to attempt to give you a quick and very basic run down to correcting and preventing this issue in your Zen Cart. Please note that I am in no way endorsing Zen Cart owners to clean up this issue at all. Fact is you should have your hosting company or a professional do it for you in all likelihood.

This is going to be a moderate to advanced level Zen Cart tutorial.

  1. First and absolutely foremost, you MUST apply the proper security patches and keep your Zen Cart software up to date. This is in no way optional.
  2. You MUST rename your admin folder. Here are some instructions for renaming your Zen Cart admin folder.
  3. This hack has been found in many ancillary folders, like email, docs, etc, but has been most commonly found in your images directory in the root of your Zen Cart store. Open your store in FTP or file manager and navigate to your images directory.
  4. In your images directory and ALL sub directories you will be looking for any file that is NOT an image file. Specifically, these have been randomly generated .php files which run scripts to pull database information and other nasty things.
  5. Download each of the files to a secured folder for future possible reference and then delete them. After you clean up the images directory check the others such as docs, email, media etc.
  6. Now that we have cleaned it up your store should be working properly, but we must now protect it.
  7. You will need to reset all of your Zen Cart file permissions. Your configure files will be 444, normal files are 644 and folders 755 with few exceptions.
  8. Lastly, lets harden your security for these folders. You will need to upload a blank index.html to each one that does not have one. This will prevent browsing of the directory.
  9. Next we are going to create an htaccess that will also help to prevent browsing, but more importantly attempt to prevent an scripts from being executed in this folder. I have created a sample htaccess for you htaccess.
  10. Last, as a precaution, please change all passwords associated with your account.

You really need to have a bit of experience to properly do this, as we have personally seen many variations. If you have trouble you hosting company should be able to help you. If you need additional support we are happy to help you clean up your Zen Cart and secure it.

Tags: , , , , , , , , , , ,

2 Responses to “Zen Cart Email & Footer Site Hacks”

  1.  FAQ & Tutorials » My login form is broken, have I been hacked? Says:

    […] the mean time we have written this Zen Cart tutorial to help you determine if your Zen Cart has been hacked in this manner and help you get cleaned up […]

  2.  Twitted by ektz Says:

    […] This post was Twitted by ektz […]

Template Original