“Eval attack” : Protect your OS Commerce shopping cart

This eval attack is going on from sometime on OS Commerce shopping carts. Symptoms:

  • OS Commerce shopping carts are suddenly showing a blank white page, without anything on page source
  • The first page is loading, but with an « eval » message

Irrespective of whether you have been attacked by this virus, it’s important that you should protect your OS Commerce shopping cart from this attack. Hoping that the OS Commerce developers will address this issue in one of their future releases, let’s get a workaround for now.

I was told by my server administrator that a very good way of doing this is to hide the admin directory behind .htaccess password. If you are using cPanel, it’s relatively easy, go to the « Password protect directories » link on the backend of your cPanel, and do the necessary. And yes, do it now, before the next attack – it’s urgent.