today i found my site has been hacked by DeadlyCrew.İNFO/Deadly-Warrior.
just front end has been hacked i guess. so what should i do now, should i just restore my backup or any way to find out where is the weak point?
my site www.unlocksolution.com
waiting for your advice.
Thank you for contacting A2 Hosting!
It was not due to the server. There are any number of ways a site can be hacked. A2 hosting cannot provide forensic details on every site that is hacked unfortunately. We can provide you with methods to clean the hack however. "
Code: Select all
<html> <head> <link rel=”icon” type=”image/png” href=”http://img.webme.com/pic/i/iconvar/turk-b-2.png” /> <title>DeadlyCrew.İNFO/Deadly-Warrior</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <body bgcolor="black"> <center><img src="http://i.hizliresim.com/W09o88.png" width="700" height="400" alt="Hacked!" /></center> <h2><center><font face="arial" size="5" color="white">Biz Ancak<font color="red"> rükuda eğiliriz</font></center></h2> <br> <center><font face="arial" size="3" color="white">DeadlyCrew dont forget 18 March!<br>We dont forget anyone!<br> We are Turk! <br>We are celebrating 18th March Canakkale Victory <br>Canakkale is impassable<font color="red"></font></center><br><center><font face="arial" size="3" color="white">DeadlyCrew.İNFO | <font face="arial" size="3" color="RED"> DELİLER TİM</FONT></center> <embed src="https://www.youtube.com/v/eltPkGySVYQ&autoplay=1" type="application/x-shockwave-flash" height="0" width="0"></embed> </body> </html>
however i have disabled google analytic module for now just to be in safe side.
If you want to check for any weak points look for access to admin/index.php?route=extension/analytics/google_analytics (or any other suspicious activity) in your server logs. If you look at the IP address and then see what was the first entry point from that IP address.
Which module are you using? The one that comes with opencart, or a 3rd party extension?
How did your host suggest to 'clean' it up? Detailed cleaning instructions can point you toward the method of entry.
Check your FTP logs. Check your web access logs for access to admin/index.php?route=extension/analytics/google_analytics or anything else that looks suspicious.
Change all your passwords.
https://nintechnet.com/ninjafirewall/pro-edition/ (get the Pro+ Edition).
You can identify and block problem IP's. While nothing is perfect, it at least gives you another level of security.
There are raw access logs, ftp access logs mysql logs in fact almost anything is logged.
So when a host tells you he cant give you any logs most of time it just means there server is compromised and more sites are hacked.
They just wont admit it and like to keep it quiet leaving you in the dark.
When infected it simple to check if on shared hosting.
you know your sites ip adres, if not check your domainname dns.
use this site to find out wich saites are on shared hosting
https://www.yougetsignal.com/tools/web- ... eb-server/
Check all those sites.
If you find more compromised sites you know it happend on server level.
Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
Simple, 'hands off' website security
https://www.evolvewebhost.com/account/c ... add&pid=47
We can help you find the right hosting setup for your Opencart stores. Feel free to get in touch with us today! 65% off shared hosting for a limited time.
Users browsing this forum: No registered users and 2 guests