Well then, first find out, where/how the intruder came into your system.
For this, download the entire Software from the Server, including your
image Directories, because you have to check into those Directories
as well, to find out, if anything else, but real images, exist in those Subs.
On the Server, remove the entire content of your Shop Directory,
exept for the image/data/...
Subdirectories , but clean out in full the
Or then, RENAME the existing Shop Directory, create a new one,
and further follow the advise below.
Then, check the Site ROOT section and it's Subdirectories, it may
be possibly, that an attacker found a hole there somewhere...
OC v.22.214.171.124_rc - download:
http://www.bigmax.ch/shop/index.php?rou ... tion_id=4
Then just upload the latest 126.96.36.199
_rc Version, it's the same
Version as yours, but it had some important fixes made, on misses found
on OC v.188.8.131.52 before. You don't need to upload the 184.108.40.206 INSTALL
anymore, BUT also upload the two old and already configured
Files, one in shop ROOT and one in shop ADMIN Section ,
content-wise as downloaded before from the old Server Shop Software.
Your Shop should then technically work, as before, but some settings
may have to be admin-set again. And if you use a VqMod, get, unzip,
upload and install VqMod v.2.6.1 first:
and add your VqMod, after checking it too for possibly 'false' code!
This way, you at least can be sure, to have clean system again.
But then, the Database
needs to be checked as well, since the
hack has possibly been placed there. But you should also COMPARE
the Content of a CLEAN 220.127.116.11 and your downloaded Shop Files,
to find out, if something FISHY has been added somewhere in some way.
And before you remove the old Software from your PC, check the Shop/DOWNLOAD
Subdirectory, possibly, someone added the hack by uploading something into
this Folder. Who knows ?!
But it's not a known 18.104.22.168 vulnerability, rather a Door, left open by you
or your hoster, without beeing aware of possibly ...
Take it or leave it !