I was able to correct the problem by finding the date files were modified and replacing them from a backup.
How was the hacker able to get in? How can I patch this up? I remember deleting the uploads folder on 1.5.6 to sort this but can't think how the hacker is getting in on version 3.0.2.0.
Also check for things like suspicious files in the storage/upload directory (which shouldn't be publicly accessible), admin accounts you didn't add, FTP accounts that aren't used anymore that may have weak passwords, etc.
Of course, if you haven't already, change all your passwords.
viewtopic.php?f=202&t=207977
viewtopic.php?f=202&t=208006
viewtopic.php?f=202&t=207894
Was it a clean install of OpenCart 3 or did you upgrade from a previous version? Also what theme are you using?
Opencart 1.5.6.5/OC Bootstrap Pro/VQMOD lover, user and geek.
Affordable Service £££ - Opencart Installs, Fixing, Development and Upgrades
Plus Ecommerce, Marketing, Mailing List Management and More
FREE Guidance and Advice at https://www.ecommerce-help.co.uk
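The checks discussed above (finding which files were modified, comparing against a backup, and looking for suspicious files in upload directories) can be scripted. This is an added example, not code from any poster in this thread; the directory prefixes in `UPLOAD_DIRS`, the function names and the sample trees built by `build_demo` are assumptions and constructed data.

```python
import hashlib
import tempfile
import time
from pathlib import Path

SCRIPT_EXT = {".php", ".phtml", ".phar"}  # executable types that do not belong in data dirs
# Assumed data-only locations relative to the shop root; adjust to the install.
UPLOAD_DIRS = ("system/storage/upload/", "storage/upload/", "image/")

def snapshot(root):
    """Map relative path -> (sha256, mtime) for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix():
            (hashlib.sha256(p.read_bytes()).hexdigest(), p.stat().st_mtime)
            for p in root.rglob("*") if p.is_file()}

def audit(live_root, backup_root):
    """Compare the live shop with a known-good backup, file by file."""
    live, backup = snapshot(live_root), snapshot(backup_root)
    # mtime is reported for the timeline only; it can be reset, so the hash decides.
    stamp = lambda t: time.strftime("%Y-%m-%d %H:%M", time.localtime(t))
    report = {"added": [], "changed": [], "script_in_upload": []}
    for rel, (digest, mtime) in sorted(live.items()):
        if rel not in backup:
            report["added"].append((rel, stamp(mtime)))
        elif backup[rel][0] != digest:
            report["changed"].append((rel, stamp(mtime)))
        if rel.startswith(UPLOAD_DIRS) and Path(rel).suffix.lower() in SCRIPT_EXT:
            report["script_in_upload"].append(rel)
    report["missing"] = sorted(set(backup) - set(live))
    return report

def build_demo(base):
    """Constructed sample trees: a clean backup and a tampered live copy."""
    files = {"index.php": "<?php // front controller",
             "system/startup.php": "<?php // startup",
             "image/catalog/logo.png": "PNG"}
    for tree in ("backup", "live"):
        for rel, body in files.items():
            p = Path(base, tree, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body)
    Path(base, "live/system/startup.php").write_text("<?php // startup + unknown edit")
    Path(base, "live/image/catalog/thumb.PHP").write_text("<?php // constructed placeholder")
    Path(base, "live/index.php").unlink()
    return Path(base, "live"), Path(base, "backup")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, items in audit(*build_demo(tmp)).items():
            print(kind, items)
```

Against a real site, call `audit()` with the live document root and an unpacked backup taken before the compromise; anything listed under `added`, `changed` or `script_in_upload` needs a manual look before restoring.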
https://www.antropy.co.uk/blog/opencart ... orize-net/
UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk
---
@johnp: -Try using Crawlprotect- would not help much, after someone already
placed some BadCode into a Software, because it automatically reroutes Payments to
other Addresses, after an order has been made, without the need to be 'called' from
somewhere else.
But if one really wants to make sure, better remove all NOT USED payments 'physically'
from OC Software, as well as all 'internal' linkings and 'variables', related to such Code.
But it's not as easy, as it might sound, one should therefore better not try, to achieve such,
if one is not familiar with OpenCart Source, and its way of doing things.
I removed Amazon, Authorizenet, Openbay, eBay, as well as some PP Payment Methods,
especially under the aspect, that some of the fundamental Initialisation is being
done by OC-Default during startup already, and so possibly ALLOWS BadCode to execute,
without the need, to add some startup-routines somewhere in the first place, and where
they could be found as well ...
Who knows ?! I will never understand, how someone can use a Shop Site for anything else
anyway, but getting a free box full of tools does not 'make' a 'certified' Mechanic either...
Technically and security-wise, it's as unprofessional as something can be done.
But I am no Coder, so, I just don't know. And on my Test Sites, there is no Wordpress,
and/or other potentially 'dangerous' Code, when it comes to find a hole. And I get
bombarded with that WP Crab Hack Code, on a regular Schedule.
But strictly technically, and from a Swiss Point of View, it makes no sense anyway,
to have bunches of files, placed on a Server, for not one single good reason. It's like
driving around in a Car with a trunk full of empty bottles ...
And one so never gets to the GTMetrix OC Top Scorers either
Ernie
---
OC startup.php Content, the last few lines:
Code:
require_once(DIR_SYSTEM . 'library/template.php');
require_once(DIR_SYSTEM . 'library/openbay.php');
require_once(DIR_SYSTEM . 'library/ebay.php');
require_once(DIR_SYSTEM . 'library/amazon.php');
require_once(DIR_SYSTEM . 'library/amazonus.php');
My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.