The Official Website of AgoraCart and Agora.cgi
AgoraCart.com Demos Download AgoraCart User Manuals & Wiki Gold Members Forum Go Gold Now! Gold Version Memberships

AgoraCart.com

About
Features
Download
Payment Gateways
Send a Donation
Founders Club
BLOG: News & Updates

Showcases & Demos

AgoraCart Demos
Shop Live Stores

Downloads & Add-ons

Gold Version Downloads
DBwizz Database Mgr.
AgoraCart.com Store

Help & Support

User Manuals
Gold Version Users Forum
Gold Version Chat
Tech Support
Certified Agora Pros
Certified Designers
Hire a Freelancer

Gold Version Members

Member Benefits
Join Today!
Gold Members Home
Gold Version Users Forum
Gold Version Chat Rooms
Gold Version Downloads

For Store Owners

Merchant Accounts
Cool Resources
Advertise Here
"Powered by" Logos
Web Hosting Search

Misc.

Contact Us
MEET's Talking Guide
The Ancient Greek Agora






AgoraCart Free User Forums

This is the official FAQ and Cool Tips guide For the AgoraCart shopping Cart software


Official Sponsors of the AgoraCart Project:

       


RegisterSearchFAQLog in
Reply to topic Page 1 of 1
Very Strange Symbols in Dreamweaver File Manager
Author Message
Reply with quote
Post Very Strange Symbols in Dreamweaver File Manager 
Hi I am running Dreamweaver 8.0 and get these unknown symbols when browsing my Agora installation in the FTP file Manager.

"@@@@!!@@@@"

My site has been reported and blocked as an attack site several times and I have found these files with symbols whilst looking to identify the problem. They are in every directory of my Agora Installation.

but have no extension or file size showing. Has anyone else encountered these, is it malware or spyware or something similar. I've directly entered the site via and FTP window and can't see the files, so am a bit lost. They don't delete or change. Is it something wrong with the hosting? If anyone can help please let me know. Have a look at the image linked below to see what I mean.

Cheers

Matt



View user's profile Send private message
Reply with quote
Post  
That is not an Agora file.
What are the '_wp_generated' directories???

Check the actual server and remove those files and the '_wp_generated' directories...


_________________
God Bless!
Bonnie - AgoraCart Moderator

Get a Gold Membership
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger ICQ Number
Reply with quote
Post  
Yes it is very much an Agora Installation.

The WP folders are my own work, which contain custom html and images to give the site a unique appearance. As they do not include dynamic code I know they are safe. So just to reiterate this is very definitely an agoracart installation that I am seeing the strange symbols in. Any other feedback is much appreciated.

Cheers

Matt

View user's profile Send private message
Reply with quote
Post  
Matt,
I didn't say it wasn't an AgoraCart install... What I said was that the "@@@@!!@@@@" files are NOT a part of the Agora install... REMOVE THEM...

As far as the wp stuff, we do NOT suggest using anything other than a plain html editor to edit ANY of the AgoraCart files as other WYSIWYG editors can break the cart.

I would be concerned about the programs that you use on the server as they may be avenues for hackers to get in to the server and plant files that may do damage or steal customer data.
What has been the contents of the "@@@@!!@@@@" directories?
Agora is a very secure shopping cart system, one of the most secure available...
So the hacker that placed the files probably did not get in through Agora, but somewhere else.
PHP programs are always suspect and CMS systems are the most likely route for a hacker...

We, generally, do not use any FTP built into an HTML editor.
We suggest using a stand-alone FTP like FileZilla.

BTW, who is the web host?


_________________
God Bless!
Bonnie - AgoraCart Moderator

Get a Gold Membership
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger ICQ Number
Reply with quote
Post  
which version are you using that is using 9999... cookies for bots?
i doubt anyone has attacked agora.cgi directly. more probable is your pc has been compromised or the server itself.

please do a sceenshot of your protected files and folders... all files and folders.
i think the "@@@@!!@@@@" is the server replacing files and/or folder names found to be undesirable. if you look at the permissions for the "@@@@!!@@@@" i think you'll find that permssions are for root only which means neither you nor an attacker can change or access.

run an online scan of your pc from kaspersky labs to see if it can detect anything. after the scan and fixes, if any, change all passwords..., cpanel, ftp, store manager and etc. and use secure passwords (aphanumeric, upper and lowercase at least 8 characters and no whole words).

find sources that have labled your site as exploitive and see if you can determine exactly why.

thing is once an attacker has access to an account or server it's easy enough to script an exploit to send off data run by any program. so it's not a direct attack on agora.cgi as much as using agora.cgi as a vehicle, if anything.
are you using any php programs such as forums or guestbooks? these could be the source of server access. do security updates or disable for awhile.
download your "raw log files" from cpanel and examine for unusual querystrings and note the program names.
what does your hosting have to say about your issues?
d

Reply with quote
Post  
The hosting provider has no explanation for the '@@@@!!@@@@' files, as mentioned previously they cannot be deleted or removed. The agora cart installation is installed alongside Joomla (1.5.10) latest version and PHPBB version 3. I think phpbb version 3 is where the weakness is as the site has definately been hacked but the agora cart section has been untouched. I've found evidence of a RFI inclusion and have been forced to assume that the PHPBB installation is the problem as this is also victim to a spambot which is really annoying. I'm dropping the phpbb installation and replacing it with another software bulletin board. This should hopefully solve the problem once all passwords have been changed.

Cheers

Matt

View user's profile Send private message
Reply with quote
Post  
Can the hosting provider remove them for you?
Most of the files should be able to be removed via the FTP client in the cpanel of your hosting.


_________________
God Bless!
Bonnie - AgoraCart Moderator

Get a Gold Membership
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger ICQ Number
Reply with quote
Post  
i did a little research but not a whole lot of time to devote to this right now. the only reference that made sense is possibly partition manager markers. since your partitions are apparently intact i am assuming if this was an attempt to wipe partitions it would have been done and we would have other issues, indeed.
i do not know what the "@@@@!!@@@@" characters represent but they seem not to be volatile in and of themselves. they are probably the result of some script or crack attempt. one would have to investigate to determine the source of the creation of these characters and their meaning.

one thing to try if you want to totally clean up the hosting account is to clean up (remove) file-by-file undesired files and folders then backup file-by-file all files and folders and sql and other dBs. have the hosting kill your account then set up a new one under a different account name (same TLD). then you can restore your files and folder trees file-by-file and email accounts and sql dBs along with your store.
update your store. the 999* cookies indicate to me that you're using and outdated version of agoracart.

holler if you need help.
d

Display posts from previous:
Reply to topic Page 1 of 1
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum