
opencart Version 2.3.0.2 hacked

Posted: Mon Mar 13, 2017 7:05 pm
by theone
Hello,
Today I found my site has been hacked by DeadlyCrew.İNFO/Deadly-Warrior.
Just the front end has been hacked, I guess. So what should I do now? Should I just restore my backup, or is there any way to find out where the weak point is?

My site: www.unlocksolution.com

Waiting for your advice.

Thank you

Re: opencart Version 2.3.0.2 hacked

Posted: Mon Mar 13, 2017 7:20 pm
by theone
I'm hosting with a2hosting.com on their shared hosting. I already asked them about this hack and am waiting for their reply.

Re: opencart Version 2.3.0.2 hacked

Posted: Mon Mar 13, 2017 8:59 pm
by theone
From a2hosting I got this reply:
"Hello,
Thank you for contacting A2 Hosting!

It was not due to the server. There are any number of ways a site can be hacked. A2 hosting cannot provide forensic details on every site that is hacked unfortunately. We can provide you with methods to clean the hack however."

Re: opencart Version 2.3.0.2 hacked

Posted: Mon Mar 13, 2017 10:04 pm
by theone
I think it was done through the Google Analytics module. I found this code in the Google Analytics module:

Code:

<html>
<head>
<link rel=”icon” type=”image/png” href=”http://img.webme.com/pic/i/iconvar/turk-b-2.png” />
<title>DeadlyCrew.İNFO/Deadly-Warrior</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<body bgcolor="black">
<center><img src="http://i.hizliresim.com/W09o88.png" width="700" height="400" alt="Hacked!" /></center>
<h2><center><font face="arial" size="5" color="white">Biz Ancak<font color="red"> rükuda eğiliriz</font></center></h2>
<br>
<center><font face="arial" size="3" color="white">DeadlyCrew dont forget 18 March!<br>We dont forget anyone!<br> We are Turk!
<br>We are celebrating 18th March Canakkale Victory
<br>Canakkale is impassable<font color="red"></font></center><br><center><font face="arial" size="3" color="white">DeadlyCrew.İNFO | <font face="arial" size="3" color="RED">  DELİLER TİM</FONT></center>
<embed src="https://www.youtube.com/v/eltPkGySVYQ&autoplay=1" type="application/x-shockwave-flash" height="0" width="0"></embed>
</body>
</html>

Re: opencart Version 2.3.0.2 hacked

Posted: Fri Mar 17, 2017 10:56 pm
by ADD Creative
I would check your server logs for access to anything under /admin/. Look for IP addresses that aren't yours.

Also check your FTP logs.

Re: opencart Version 2.3.0.2 hacked

Posted: Mon Mar 20, 2017 9:53 pm
by theone
Well, if I search "DeadlyCrew dont forget 18 March" on Google I can see many other websites powered by OpenCart were hacked, including mine. And I already confirmed with my hosting, which is a2hosting; they confirmed it was not due to shared hosting.

However, I have disabled the Google Analytics module for now just to be on the safe side.

Re: opencart Version 2.3.0.2 hacked

Posted: Tue Mar 21, 2017 11:23 pm
by ADD Creative
I can't see that disabling the Google Analytics extension will prevent further attacks. If they could modify its contents then they can re-enable it.

If you want to check for any weak points, look for access to admin/index.php?route=extension/analytics/google_analytics (or any other suspicious activity) in your server logs. Look at the IP address and then see what the first entry point from that IP address was.

Re: opencart Version 2.3.0.2 hacked

Posted: Sun Mar 26, 2017 10:10 am
by angela
theone wrote:
Mon Mar 13, 2017 10:04 pm
i think it was done through google analytic module . i found this code in google analytic module
Which module are you using? The one that comes with opencart, or a 3rd party extension?

How did your host suggest to 'clean' it up? Detailed cleaning instructions can point you toward the method of entry.

Re: opencart Version 2.3.0.2 hacked

Posted: Tue Feb 12, 2019 6:32 pm
by pretrator
Hi,
I am new to the OpenCart community.
Today I found my website hacked.
Well, the same Google Analytics was edited.
I also have a strong password on the admin panel.
Any ideas, anyone?

Re: opencart Version 2.3.0.2 hacked

Posted: Thu Feb 14, 2019 11:33 pm
by ADD Creative
What version of OpenCart? Was the code that you entered into the Google Analytics module changed or the PHP files themselves? Have you clicked on any links that have taken you to your admin login?

Check your FTP logs. Check your web access logs for access to admin/index.php?route=extension/analytics/google_analytics or anything else that looks suspicious.

Change all your passwords.
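
The log check ADD Creative describes in this post and in the Mar 21, 2017 post, as an added example that is not part of the original thread: it finds foreign IPs that requested the Google Analytics admin route and reports each one's earliest request. It assumes the Apache/nginx "combined" access log format; the function names, sample lines and IP addresses are constructed for illustration.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" format: client IP, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3})')
WATCHED_ROUTE = "extension/analytics/google_analytics"  # route named in the thread

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # skip malformed lines instead of crashing mid-log
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    parts = urlsplit(rec["url"])
    rec["path"] = parts.path
    # parse_qs also decodes route=extension%2Fanalytics%2F... variants
    rec["route"] = parse_qs(parts.query).get("route", [""])[0]
    return rec

def triage(lines, my_ips):
    """Map each foreign IP that touched the watched admin route to its
    earliest request (the entry point) and its hits on that route."""
    by_ip = {}
    for rec in filter(None, map(parse, lines)):
        by_ip.setdefault(rec["ip"], []).append(rec)
    report = {}
    for ip, recs in by_ip.items():
        if ip in my_ips:
            continue
        recs.sort(key=lambda r: r["ts"])
        hits = [r for r in recs
                if r["path"].startswith("/admin/") and r["route"] == WATCHED_ROUTE]
        if hits:
            report[ip] = {"first": recs[0], "route_hits": hits}
    return report

# Constructed sample lines (documentation IP ranges), not from the poster's server.
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Mar/2017:09:58:02 +0000] "GET /index.php?route=common/home HTTP/1.1" 200 5120',
    '198.51.100.23 - - [13/Mar/2017:10:01:11 +0000] "GET /admin/ HTTP/1.1" 200 2301',
    '198.51.100.23 - - [13/Mar/2017:10:01:40 +0000] "POST /admin/index.php?route=common/login HTTP/1.1" 302 0',
    '198.51.100.23 - - [13/Mar/2017:10:02:05 +0000] "POST /admin/index.php?route=extension%2Fanalytics%2Fgoogle_analytics&token=EXAMPLE HTTP/1.1" 302 0',
    '192.0.2.10 - - [13/Mar/2017:11:00:00 +0000] "GET /admin/index.php?route=extension/analytics/google_analytics&token=EXAMPLE HTTP/1.1" 200 9000',
    'not a log line',
]
```

Calling `triage(open("access.log"), my_ips={"<your IP>"})` on a real log returns, per suspicious IP, the `first` record to start reading from and the `route_hits` that changed or viewed the module settings.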

Re: opencart Version 2.3.0.2 hacked

Posted: Wed Mar 27, 2019 5:54 am
by procheck
You might want to try and add this firewall. It's only $40 USD/year
https://nintechnet.com/ninjafirewall/pro-edition/ (get the Pro+ Edition).

You can identify and block problem IPs. While nothing is perfect, it at least gives you another level of security.

Re: opencart Version 2.3.0.2 hacked

Posted: Wed Mar 27, 2019 6:12 am
by victorj
Every host has access to the root level of a shared server and therefore can deliver all access logs to any site on that server.
There are raw access logs, FTP access logs, MySQL logs; in fact almost anything is logged.
So when a host tells you he can't give you any logs, most of the time it just means their server is compromised and more sites are hacked.
They just won't admit it and like to keep it quiet, leaving you in the dark.
When infected, it's simple to check if you're on shared hosting.
You know your site's IP address; if not, check your domain name's DNS.
Use this site to find out which sites are on the shared hosting:
https://www.yougetsignal.com/tools/web- ... eb-server/
Check all those sites.
If you find more compromised sites, you know it happened at server level.

Re: opencart Version 2.3.0.2 hacked

Posted: Tue May 21, 2019 5:51 am
by Specimen
This can be rather tricky. I hope that here you'll find some tips.

Re: opencart Version 2.3.0.2 hacked

Posted: Fri Jun 14, 2019 1:35 am
by EvolveWebHosting
Here's a free solution for anyone no matter who your hosting provider is. Try it for 30 days and if you don't like it, you don't have to pay for a monthly / annual license thereafter. Comodo will scan and remove any malware and you are protected by a Firewall and connected to a CDN for faster content delivery. If you've got any questions about it, use our live chat. If you don't want to pay for the service after 30 days, Comodo will still scan for malware and clean it up 2x / month for no charge.

Simple, 'hands off' website security

https://www.evolvewebhost.com/account/c ... add&pid=47