Post by redding » Thu Apr 06, 2017 12:15 am

I've had an OpenCart install (2.0.1.1) become compromised. I've changed all passwords, even the root (it's on a VPS),
but this file: "system/storage/logs/twe.php" keeps being generated, and a quick Google search shows several other OpenCart sites with this file, and at least one lists "Hacked by The Way End".
Does anyone have experience with this?
Any idea what the entry point of the hack may have been?


Post by IP_CAM » Sat Apr 08, 2017 12:37 am

Any idea what the entry point of the hack may have been?

some of them could be:
1. an unpro installed Server
2. an unpro installed Software
3. an outdated Software Version, like the one you use
4. a stolen 'pumped up' Theme or Extension, from one of the 'dark freeware Sites'
5. an active UPLOAD Function in OC
6. or whatever unknown else...
Ernie

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.

Post by artcore » Sat Apr 08, 2017 2:10 am

Check if your error.log file is not ending in php. It's an admin setting in stores list.
As a plaster you can add this to your .htaccess. It prevents executing PHP outside the OC framework.

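```apache
# Apache 2.2 access-control syntax (needs mod_access_compat on Apache 2.4)
# Block direct requests for any .php file, except from local addresses
<FilesMatch ".*\.php$">
Deny from all
Allow from 127.0.0.1 ::1 localhost 192.168
</FilesMatch>
# Re-allow index.php, the entry script that requests are routed through
<Files index.php>
Order Allow,Deny
Allow from all
</Files>
```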

Attn: I no longer provide OpenCart extensions, nor future support - this includes forum posts.
Reason: OpenCart version 3+ ;D

Thanks!
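A check that goes with the two suggestions in the post above, as an added example that is not part of any post in this thread: it walks a directory that should hold only data (such as the system/storage/logs directory named in the first post) and reports files that carry a PHP-handled extension or contain a PHP opening tag. The extension list, the function names and the sample files are assumptions constructed for the demo.

```python
import os
import re
import tempfile

# Assumed list of extensions a web server may hand to PHP; a match in the
# middle of the name (x.php.jpg) is reported too.
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.IGNORECASE)
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)

def scan_data_dir(root):
    """Return sorted (relative_path, reason) pairs for suspicious files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if PHP_EXT.search(name):
                findings.append((rel, "php-extension"))
                continue
            try:
                with open(path, "rb") as fh:
                    tagged = any(PHP_TAG.search(line) for line in fh)
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            if tagged:
                findings.append((rel, "php-tag-in-data-file"))
    return sorted(findings)

def demo():
    """Build a constructed logs directory (sample data only) and scan it."""
    samples = {
        "error.log": b"2017-04-05 PHP Notice: Undefined index: route\n",
        "index.html": b"",
        "twe.php": b"<?php /* constructed placeholder, not the real file */ ?>",
        "old.log": b"PHP Notice: bad input <?php /* constructed */ ?>\n",
        "banner.php.jpg": b"\xff\xd8\xff\xe0",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_data_dir(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:22} {rel}")
```

On a server, call `scan_data_dir()` on the real logs directory and any other upload or cache directory; the modification time of each reported file is the timestamp to look up in the web server's access log.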
