The process shows from the console when running `top` but does not show with `ps aux` for some reason. In addition, if I kill the process, it starts again immediately. To permanently stop the process I have to delete it first and then kill it. I cant figure whether it is executed remotely with an http request or not.
After the first attack a few weeks ago, I went ahead and renamed the admin folder and also added htpasswd protection to the folder. In addition I have changed the ftp password. Today, the very same file is placed in /catalog/view/ folder which I again deleted and killed.
Any of you have had the same or similar experience? Any advice is really appreciated.
Check out my free module CoreAdmin for Opencart
Opencart 18.104.22.168/OC Bootstrap Pro/VQMOD 2.6.1 lover, user and geek.
Fast Service for Opencart Installs, Fixing, Development and Upgrades
Plus Ecommerce, Marketing, Mailing List Management and More
Users browsing this forum: No registered users and 6 guests