Post by debbiegibbons » Sat Feb 05, 2011 6:29 am

Evening all,

I am running OC V 1.4.9.3 which was upgraded.

Last week I was making some changes to my categories and when checking homepage was greeted with a black screen and message saying "owned by ghost_cyber a.k.a CivO Ngaw|HackerL|nK Team". I immediately contacted my host who looked into the issue and informed me of the following:

"Reviewing the account there have been several exploit attempts to scripts under your account. Most notably it appears that the hacked files were uploaded through the admin file manager. Please make sure to change your back end password and that the script that you are using is upgraded to the most current version to prevent further exploitation.

At this time I have removed the defaced page from your account."

They sorted the problem but were basically saying this was an OC issue.
I changed all my passwords, from back end to even changing passwords for FTP & cPanel, and all has been ok until this evening.

Whilst writing product description for a new product in my Admin panel I noticed I was getting the egg timer which I thought was odd as I was just writing text, went and checked my home page and there is the horrible message again.

I have contacted host who are in the process of dealing with it but was hoping someone on there could please help me. How are they doing it as it seems it only happens if I am logged in admin making changes? I don't want this to keep happening so any help would be hugely appreciated.

Thanks
Debbie

Post by Xsecrets » Sat Feb 05, 2011 6:55 am

Have you run a virus scanner on your computer?

OpenCart commercial mods and development http://spotonsolutions.net
Layered Navigation
Shipment Tracking
Vehicle Year/Make/Model Filter


Post by debbiegibbons » Sat Feb 05, 2011 6:56 am

Hi again,

I am currently running OC V 1.4.9.3 which is an upgrade from an earlier version. After having some home page issues and possible website being hacked I have just done a search on the forum and found some posts referring to both domPDF and FCKeditor...

When checking my directory I have found both these folders and need to know if they should be deleted? Do I delete the whole folder or is it just certain files within the folder?

Please advise?
Thanks
Debbie

Post by debbiegibbons » Sat Feb 05, 2011 7:00 am

Hi,

I have run full virus scanner and malware scanner on PC several times and both report nothing found.

Host have just come back and said "The index.html file was modified through the same way, the admin file manager"
Quite blunt with also!!

Debbie

Post by Xsecrets » Sat Feb 05, 2011 7:03 am

I would delete the whole folders. Neither folder is distributed with OpenCart anymore.

Post by debbiegibbons » Sat Feb 05, 2011 7:08 am

Thank you, both deleted.

Post by i2Paq » Sat Feb 05, 2011 7:15 am

Merged, please keep it in one post if related. ;)

Thanks.

Norman in 't Veldt
Moderator OpenCart Forums

Post by debbiegibbons » Sat Feb 05, 2011 7:24 am

My apologies i2Paq :-[ :-[

Could these folders still have been the cause? So scared of logging in my admin panel now in case it happens again.

Post by philbydevil » Sat Feb 05, 2011 9:14 am

Probably a good idea to change the name of the admin folder to something else as well. If you do, remember that you will need to change the admin config file as well.

Not sure if this will help stop the problem in the future, but I always think it's a good idea to do this.

I heart cmd-f, cmd-c, cmd-v, cmd-z + vQmod.
My favourite page...
v1.5.4.1


Post by fido-x » Sat Feb 05, 2011 12:14 pm

Dompdf is safe to use IF you remove the "dompdf.php" file from the dompdf folder, as this is the file that is used for "attacks", by passing variables through the address line in the form:
http://www.yourstore.com/system/helper/ ... some_value

Removing the "dompdf.php" file from the package (as recommended by the developers) prevents this from happening.

The FCKeditor should be completely removed.

Modules for OpenCart 2.3.0.2
Homepage Module [Free - since OpenCart 0.7.7]
Multistore Extensions
Store Manager Multi-Vendor/Multi-Store management tool

If you're not living on the edge ... you're taking up too much space!


Post by debbiegibbons » Sat Feb 05, 2011 6:42 pm

Thank you all, I downloaded the latest version of OC and checked file directories and see that domPDF and FCKeditor files are no longer there so have been deleted. After pushing host company for more information it seems the file was being accessed through

"admin/view/javascript/fckeditor/editor/filemanager/connectors/php/connector.php"

Debbie
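
As an added example (not part of any post in this thread, and not OpenCart or hosting-provider code): a log check for requests to the two scripts named above, the FCKeditor connector path the host reported and the dompdf entry script. The combined log format, the sample lines, the documentation IP addresses and the placeholder dompdf path and query string are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Script names taken from the thread: the FCKeditor file-manager connector
# and the dompdf entry script. Matching is on the path, ignoring the query.
WATCHED = {
    "fckeditor-connector": re.compile(
        r"/fckeditor/editor/filemanager/connectors/php/connector\.php$", re.I),
    "dompdf-entry": re.compile(r"/dompdf/dompdf\.php$", re.I),
}

# Apache/nginx "combined" log format (assumed).
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def scan(lines):
    """Return {client_ip: [(timestamp, label, method, status), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        path = m["target"].split("?", 1)[0]
        for label, pattern in WATCHED.items():
            if pattern.search(path):
                hits[m["ip"]].append(
                    (m["ts"], label, m["method"], int(m["status"])))
    return dict(hits)

def served(hits):
    """Hits the server answered with 2xx, i.e. the script still exists."""
    return {ip: [h for h in rows if 200 <= h[3] < 300]
            for ip, rows in hits.items()
            if any(200 <= h[3] < 300 for h in rows)}

# Constructed sample lines (documentation IPs, placeholder path and query).
SAMPLE = [
    '203.0.113.7 - - [05/Feb/2011:05:58:01 +0000] "POST /admin/view/javascript/fckeditor/editor/filemanager/connectors/php/connector.php?x=1 HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.7 - - [05/Feb/2011:05:58:09 +0000] "GET /index.html HTTP/1.1" 200 911 "-" "-"',
    '198.51.100.4 - - [05/Feb/2011:06:10:44 +0000] "GET /PLACEHOLDER/dompdf/dompdf.php?param=some_value HTTP/1.1" 404 208 "-" "-"',
    '192.0.2.15 - - [05/Feb/2011:06:12:00 +0000] "GET /index.php?route=product/category HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for ip, rows in scan(SAMPLE).items():
        for ts, label, method, status in rows:
            print(ip, ts, label, method, status)
```

A 2xx answer on either path means the script is still on disk and reachable; once the folders are deleted, the same requests should come back as 404.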
