Post by redding » Thu Apr 06, 2017 12:15 am

I've had an opencart install ( become compromised. I've changed all passwords, even the root (its on VPS)
but this file: "system/storage/logs/twe.php" keeps being generated and a quick google search shows several other opencart sites with this file, and at least one lists "Hacked by The Way End"
Does anyone have experience with this?
Any idea what the entry point of the hack may have been?



Thu Apr 06, 2017 12:05 am

Post by IP_CAM » Sat Apr 08, 2017 12:37 am

Any idea what the entry point of the hack may have been?

some of them could be:
1. an unpro installed Server
2. an unpro installed Software
3. an outdated Software Version, like the one you use
4. a stolen 'pumped up' Theme or Extension, from one of the 'dark freeware Sites'
5. an active UPLOAD Function in OC
6. or whatever unknown else...

Ernie's OpenCart v. LIGHT + V-Pro + OpenShop Admin v.1.75 Test Sites - -

User avatar
Guru Member


Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by artcore » Sat Apr 08, 2017 2:10 am

Check if your error.log file is not ending in php. It's an admin setting in stores list.
As a plaster you can add this to your .htaccess. It prevents executing php outside the oc framework

Code: Select all

<FilesMatch ".*\.php$">
Deny from all
Allow from ::1 localhost 192.168
<Files index.php>
Order Allow,Deny
Allow from all

Attn: I no longer provide OpenCart extensions, nor future support - this includes forum posts.
Reason: I moved on to Laravel ;D


User avatar
Active Member


Tue Jul 09, 2013 4:13 am
Location - The Netherlands
Who is online

Users browsing this forum: No registered users and 5 guests