The popular osCommerce ecommerce application has been under attack at least since last week, according to web application security firm Armorize. At last count the attack has affected more than three million pages. The attack, in the form of an iFrame injection, utilizes several vulnerabilities in older versions of osCommerce. The latest version doesn’t seem to be affected. Any business using an older version of osCommerce is advised to upgrade immediately.
The Zen Cart ecommerce application, which was initially a value added fork of osCommerce, doesn’t seem to be affected. Kim Elliott, one of the founding members of Zen Cart, told me, “As far as I know there hasn’t been a problem. As long as you have our latest version and file permissions set correctly you shouldn’t have any issues.”
Help Net Security reports that a hacked osCommerce site will redirect that site’s visitors to various “drive-by” sites:
Unfortunately, the attack is difficult to detect using most AV solutions and will require web site admins to do a little digging. Again according to Help Net Security:
“In order to check if their website(s) have been affected by the attack, Armorize advises owners/administrators to check their logs for access from the following IPs: 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199 (located in Ukraine), and to check the web pages’ source code for the offending iFrames.
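The two checks Armorize recommends, scanning access logs for the listed IPs and scanning page source for off-site iFrames, can be scripted. The following is an added example written for this post, not code from Armorize or the osCommerce project; it assumes the web server writes common/combined log format and that the shop’s own hostname is known, and the log lines and HTML it scans are constructed samples.

```python
import re
from urllib.parse import urlparse

# IPs named in the Armorize advisory quoted above, exactly as printed there.
SUSPECT_IPS = {"220.127.116.11", "18.104.22.168", "22.214.171.124", "126.96.36.199"}

# Common/combined log format: client IP, ident, user, [timestamp], "request" ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)"')

def suspicious_log_hits(log_lines):
    """Return (ip, timestamp, request) for each line whose client IP is on the advisory list."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, request = m.groups()
        if ip in SUSPECT_IPS:
            hits.append((ip, ts, request))
    return hits

# Tag names are case-insensitive in HTML, and injected tags are often upper-cased or oddly spaced.
IFRAME_TAG = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SRC_ATTR = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)

def find_foreign_iframes(html, own_host):
    """Return src URLs of iframes that load content from a host other than our own shop."""
    foreign = []
    for tag in IFRAME_TAG.findall(html):
        m = SRC_ATTR.search(tag)
        if not m:
            continue
        src = m.group(1)
        host = urlparse(src).hostname  # None for relative URLs, which are our own content
        if host and host.lower() != own_host.lower():
            foreign.append(src)
    return foreign

# Constructed sample data (timestamps, paths and hostnames are made up for this example).
SAMPLE_LOG = [
    '220.127.116.11 - - [24/Jul/2011:03:12:07 +0000] "GET /admin/ HTTP/1.1" 200 512',
    '192.0.2.10 - - [24/Jul/2011:03:12:09 +0000] "GET /index.php HTTP/1.1" 200 8192',
    '126.96.36.199 - - [24/Jul/2011:03:15:41 +0000] "POST /admin/ HTTP/1.1" 200 128',
]
SAMPLE_HTML = (
    "<html><body><p>Welcome to our shop</p>\n"
    '<IFRAME src="http://example.net/x.php" width=1 height=1 style="visibility:hidden"></IFRAME>\n'
    '<iframe src="/banners/local.html"></iframe>\n'
    "</body></html>"
)

if __name__ == "__main__":
    for ip, ts, req in suspicious_log_hits(SAMPLE_LOG):
        print(f"log hit: {ip} at {ts}: {req}")
    for src in find_foreign_iframes(SAMPLE_HTML, "shop.example.com"):
        print(f"off-site iframe: {src}")
```

Run the log check across all rotated access logs, not just the current one, since the compromise may predate the advisory.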
Of course, keeping your installation patched and up-to-date is crucial for web site security, as the black hats are always searching for new exploits. As Kim Elliott with Zen Cart (again, not affected by this exploit) told me, “Security is a very movable feast. As soon as you lock one door, they’ll find another.”