Post by redding » Thu Apr 06, 2017 12:15 am

I've had an opencart install (2.0.1.1) become compromised. I've changed all passwords, even the root (its on VPS)
but this file: "system/storage/logs/twe.php" keeps being generated and a quick google search shows several other opencart sites with this file, and at least one lists "Hacked by The Way End"
Does anyone have experience with this?
Any idea what the entry point of the hack may have been?

Newbie

Posts

Joined
Thu Apr 06, 2017 12:05 am

Post by IP_CAM » Sat Apr 08, 2017 12:37 am

Any idea what the entry point of the hack may have been?

some of them could be:
1. an unpro installed Server
2. an unpro installed Software
3. an outdated Software Version, like the one you use
4. a stolen 'pumped up' Theme or Extension, from one of the 'dark freeware Sites'
5. an active UPLOAD Function in OC
6. or whatever unknown else...
Ernie

Ernie's OpenShop 1.75 with responsive Bootstrap Themes:
http://www.bigmax.ch - http://www.ocshop.li
Image


User avatar
Guru Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by artcore » Sat Apr 08, 2017 2:10 am

Check if your error.log file is not ending in php. It's an admin setting in stores list.
As a plaster you can add this to your .htaccess. It prevents executing php outside the oc framework

Code: Select all

<FilesMatch ".*\.php$">
Deny from all
Allow from 127.0.0.1 ::1 localhost 192.168
</FilesMatch>
<Files index.php>
Order Allow,Deny
Allow from all
</Files>

User avatar
Active Member

Posts

Joined
Tue Jul 09, 2013 4:13 am
Location - The Netherlands
Who is online

Users browsing this forum: No registered users and 8 guests