How do I secure a web site that has been compromised?

I have been transferring a shopping cart (zen cart) web site from a different server and hosting company. I am very concerned about security issues because the site has been hacked. Once a web site has been hacked, what kind of things should be doing to make the site secure again?
Here are some concerns: the owner is getting about 30 to 50 bounce back emails. The From line has the email address of the former hosting company. I suspect the only thing to do is to change the email address.
At one point, the configure file was changed: the username and password for the database. I changed the username and password but a customer called and said that she ordered a product the other day and it came from a different company from a different state.
So, obviously the site has been hacked and needs to be secure. The payment method is by credit card through Authorize.net.
What do I need to do to make sure this site is secure?

Hi
This is just one of the problems with open source software, anyone and everyone has access to the code and knows what the folder and file names are that they must change for re-direct of sales/payment and often worse the name of the database connections folder and default connection file name, (they often then only require to 'hack' the password).
Unfortunately many people keep a simple user name and password for the web site, which is often simple to guess or hack. As an example the ftp connection is in most cases relatively simple to hack, (there are many password hack programs available on the web, free) the user name is often a simple variation of the site name, with a password set to something similar to the site name or owners name, (the owners name is available from Internic or similar service).
At the very least - download a copy of the database, change the log-in details for the site and database, set up a completely new zen cart site using completely new files, (save any custom designs, css etc. and 'import to new set-up). Do not use any old server side script files unless you are certain they have not been changed, check your database for unauthorized changes, and then upload the 'new' database and files.
The email bounce back is quite common if the sender name is not one that is from the hosting servers email accounts, and is probably one of the reasons why many people simply 'give-up' trying to get such items to work. The idea behind the restriction is to stop spammers using your email account to send bulk emails via your server.
There is much more you could do, but this would depend on the size and traffic of the site, (cost effectiveness).
PZ
www.pziecina.com

Similar Messages

  • How can I block bogus web site that keeps trying to update firefox? Need to identify bogus site too.

    How can I block bogus web site that keeps trying to update firefox? Need to identify bogus site too.

    hello, this is a scam tactic that is trying to trick you into installing malware, so don't download or execute this kind of stuff - updates are handled automatically by firefox so you don't have to download anything (you can always initiate a manual check for updates in ''firefox > help > about firefox'').
    you might also want to run a full scan of your system with the security software already in place and different tools like the [http://www.malwarebytes.org/products/malwarebytes_free free version of malwarebytes], [http://www.bleepingcomputer.com/download/adwcleaner/ adwcleaner] & [http://www.kaspersky.com/security-scan kaspersky security scan] in order to make sure that there isn't already some sort of malware active on your system that triggers these false alerts.
    [[Troubleshoot Firefox issues caused by malware]]
    you could also help by pressing F10 & going to ''help > report web forgery'' while you're on this dubious page - this might get the page into the list of malicious sites that get blocked in firefox (the actual list is maintained by google) or when such pages use the firefox logos or trademarks to trick users into downloading malware you could also file it at https://www.mozilla.org/en-US/legal/fraud-report/.

  • How do I unlock my iTunes account that has been disabled?

    How do I unlock my iTunes account that has been disabled?

    If changing your password does not solve, then contact itunes support

  • TS4006 How do i reactivate an iPad Mini that has been disabled

    How do i reactivate an iPad Mini that has been deactivated due to password without iTunes

    You have to restore the iPad using one of the methods in here.
    iOS: Forgotten passcode or device disabled after entering ...
    You will need to use Find My iPhone in iCloud.com in order to erase your device and unlock it so that you can use it again. See the very end of the article.
    This is copied from the article.
    If you have Find My iPhone enabled, you can use Remote Wipe to erase the contents of your device. If you have been using iCloud to back up, you may be able to restore the most recent backup to reset the passcode after the device has been erased.

  • How to see the table in se11 that has been created in oracle 10g directly

    hi,
    how to see the table in se11 that has been created at SQL> prompt in oracle 10g directly ?
    is there any procedure to attache directly created table  into sap ?

    I think you have to create it in SE11 first. Although you can probably use native SQL to access it from an ABAP program.
    Rob

  • How do i recover a text message that has been deleted

    how do i recover a text message that has been deleted

    Did you back it up first?  If so, are you willing to restore your iPhone back to the last backup?
    If you didn't back it up, it's gone.

  • FCPX, How do I reconnect a video file that has been modified or over written?

    FCPX, How do I reconnect a video file that has been modified or over written?
    As an animator, I am constantly modifying and overwriting movies files that have already been imported into the Final Cut time line. In FCP7, I could easily modify and update movie files and have those changes appear in the timeline without the need to reimport and re-edit those clips, but FCPX seems to lose it's connection with any modified or overwritten file, making all the editing work I've done to these files worthless.
    Does anyone know of a way to reconnect to a modified or overwritten file? Because, this one single issue makes FCPX completely worthless to me.
    Andy Murdock

    If you import the new clip , select it and drag over the old offline clip , you can choose from the menu ...

  • TS4006 how do i find my ipod touch that has been stolen

    how do i find my ipod touch that has been stolen and it is not hooked up to wifi so i can locate it on the map so i can take a cop and get it back

    lost/stolen                                      
    No app is required.                                               
    - If you previously turned on FIndMyiPod on the iPod in Settings>iCloud and wifi is on and connected go to iCloud: Find My iPhone, sign in and go to FIndMyiPhone. If the iPod has been restored it will never show up.
    iCloud: Find My iPhone
    - You can also wipe/erase the iPod and have the iPod play a sound via iCloud.
    - If not shown, then you will have to use the old fashioned way, like if you lost a wallet or purse.
    - Change the passwords for all accounts used on the iPod and report to police. The plocie will dolittle except if they recover it they can return it to you.
    - There is no way to prevent someone from restoring the iPod (it erases it) using it unless you had iOS 7 on the device. With iOS 7, one has to enter the Apple ID and password to restore the device.
    - Apple will do nothing without a court order                                                        
    Reporting a lost or stolen Apple product                                               
    - iOS: How to find the serial number, IMEI, MEID, CDN, and ICCID number

  • HT204053 How can I remove an apple id that has been disable from I cloud?

    How can I remove apple id that has been disable fro my iCloud ?

    You cannot delete an Apple ID. All you can do is stop using it.

  • How to handle a fully depreciated asset that has been brought back to life?

    I have an old fully depreciated asset(from the 1990s) that has been brought back to life and has new cost to add to it.
    The fixed asset master data looks like this:
    Capitalization date: 01.01.1998
    Historic APC: 0
    Acquisition value: X
    NBV: 0
    Ordinary depreciation: X
    Depreciation tab - no planned depreciation(for current fiscal year).
    Now I want to add the new cost Y to it. I add a subsequent acquisition but the planned depreciation (on the Depreciation tab) is not what I expect. I can't figure out how it is getting that amount. Calculation should be Y / Useful life starting 1st day of current period.
    The depreciation type setup is NBV / Rem life, straight line depr, prorata temporis.
    Any ideas?
    Thanks

    Okay, I have just realized how the system is calculating depreciation.
    useful life = 36.
    There are 3 months left in the current fiscal year. Depreciation is calculated as Y / (36 -9) = one month's depreciation.
    Why? Is this correct from accounting point of view? My client expects the calculation to be Y / 36 even though we are in period 10 of the current year.

  • How can I view video clips on other web sites? Nearly every web site that has a video clip to view is unavailable to me because my iPad doesn't support flash! I can't believe the iPad is unable to do this. How can I watch web video clips.

    What feature does iPad have in placement of flash player. Not having access to many web sites is killing the iPads appeal?;,

    Not to sounds rude, but this issue has been covered so much in the media that I find it hard to believe that people still don't know. However all iOS devices, never and will never support flash natively. Google "apple adobe flash war". There are some alternatives, try skyfire browser in the app store. Not perfect but might help. None the less, most sites these days support html5 video which runs on iPad. I am actually having hard time running across a site which doesn't support iPad. however that is my personal experience based on my personal interests.

  • How can I refresh a web site that I use often but it also changes its content frequently. Where is the refresh icon?

    I use to refresh my browser & web pages by clicking on the "refresh" button. This button is no longer on my browser. how can I refresh a web page or keep it up to date if there is no refresh icon to use.?

    Firefox 4 and later use a combined Stop/Reload/Go button that is positioned at the right end of the location bar.<br />
    During the page load process it shows as a Stop button and after the loading has finished the button is changed to a Reload button.<br />
    If you type in the location bar then that button becomes a Go button.<br />
    Middle-click the Reload button to duplicate the current tab to a new tab.<br />
    *https://support.mozilla.com/kb/common-questions-after-updating-firefox

  • How do I publish a site, that has been created on iWeb recently?

    I have created site on my iWeb recently, but hasn't been published yet. I wonder what is an acceptable way to do so, cause the programm suggests MobileMe subscription. Please help me, it is of immense importance for me.

    If this is your first website you might want to consider switching to an application that is currently being supported by the developers (iWeb has been discontinued for 2 years now) and has the modern features that most come to expect in such an application.
    If you search this forum for "iweb alternative" you'll find many topics discussing alterantive apps.  The one that is most iWeb like is Everweb and has been reviewed favorable in this forum.
    Everweb has a demo version that you can use to try to duplicate what you have in iWeb before you purchase it. 
    OT

  • I have a web site that has taken over mozilla fire fox

    bing . com has taken over my fire fox when i sign in 2 it my alo was my home page but it has been replaced with this site bing i did not do it i have tried 2 block it and remove it and i cant close it at all ,,, also i have removed fire fox and re installed it and still the same thing happens i have tried every thing but nothing works so what do i do 2 remove it or at least block it i can t even read my mail b/c it after 15 secs wll go back 2 the home screen 4 bing and will not let me view my mail its as if a parental block is on plz help charles

    In Tools, Addons, Extensions, you may wish to disable 'SearchToolbar' extension, restart Firefox.

  • How can I separate just a message that has been mis-threaded?

    I thread all of my messages as it helps keep them organized. I occasionally run across a message that is mis-threaded. Totally unrelated to the thread it has been included in. How do I separate out just that mis-threaded message and keep everything else threaded properly? TB24.3.0, Win XP

    Are the mis-threaded messages from the same sender? Is it possible they have used "Reply" inappropriately?
    More generally, if messages appear in inappropriate places, I'd try this:
    # Back up your profile (https://support.mozilla.org/en-US/kb/profiles-tb)
    # Select the folder
    # Right-click, select <em>Properties</em>
    # Select <em>Repair folder</em>

Maybe you are looking for

  • Recently the close tab function in safari has disappeared.

    Recently the close tab function in safari has disappeared and now I have to close tabs by right clicking, needless to say it's driving me mad. Is there a way I can sort this out?

  • Kernel panic on OS X 10.8.3

    Hi, anyone can help me figure out what is happening and what I should do about it? Interval Since Last Panic Report:  982926 sec Panics Since Last Report:          1 Anonymous UUID:                    B38D3258-68B8-BF59-2F8E-2BE95E675809 Thu Jun 13 1

  • Calendar entries arrive then disappear

    We have 4 iphones and use icloud for our family calendar.  More than once after somone makes an entry and hits the share button we see an invite, it appears on a calendar (either standard app or other and on iphone or could device) but a short time l

  • Drive not mounting

    G5 = one of my firewire external drives appears in disk utility but only with the vendor name but no volumes and it does not mount anymore on the desktop. What can be done? here is part of the console output: Looking for devices matching vendor ID=11

  • Live 5.1 internal p

    I need a guide ( i lost my manual) so I can install my front spaker and microphone connections using the internal pins. If someone could help me out I would appreciate it, especially if the guide explains how to install surround sound speakers too.