Re: Cannot Login - Access Found!
Raquel wrote:
> On Thu, 20 Aug 2009 12:59:39 -0500
> Ron Johnson <ron.l.johnson@cox.net> wrote:
>
>> > The machine has been hacked by someone using a Romanian IP address
>> > and has been taken offline while I continue to investigate. Then
>> > I'll do a new install and rebuild.
>>
>> How'd he get in?
>
> I found it! He got in through a vulnerability in Zen Cart.
>
> I found in /var/log/auth.log where he'd changed the passwords of root
> and myself and confirmed it in syslog. Then I found
> in /root/.bash_history where he'd downloaded some scripts to the
> server, then started going through logs. Finally I was digging
> through apache logs and found him. Then I googled for a
> vulnerability in Zen Cart and found this:
> http://www.securityfocus.com/bid/35467/info
>
Cite: "Note that the issue occurs only when the 'admin' directory wasn't
properly renamed during the installation process." ????
Is this true?
Means your fault!
Sorry and regards