my site was recently hacked. I'm not a programmer, only a web designer but have the help of a programmer. Upon contacting my hosting company they told me the hackers had gone in and inserted iframes. My programmer has since cleaned up the files, so that Google could take the warning off my site, however we are still unsure as to how the hackers got in in the first place, and it is probably just a matter of time before they attack again.
Can any of you provide a suggestion as to how this can be fixed so they aren't able to get in?
My site is such that it does not use the login/password for my customers - we removed that, so it isn't a question of putting these files into another folder outside of publi_html.
Have any of you had this problem? or know how to guard against any future hacks?
How did you 'remove' it... how do customers 'login' now? Can you pm me and I might be able to tell you if your site is open for attacks.My site is such that it does not use the login/password for my customers - we removed that, so it isn't a question of putting these files into another folder outside of public_html.
Follow me on twitter.com/alreadymade
This will be due to write permissions / a cpanel exploit or similar on the server.
The hackers look for common files that are writable to gain access to the host.
They then look about for any template files (not just open cart) where they can insert iframe code to inject stuff via the browser to other peoples computers etc.
There is plenty in google about this that may help. I would look about to see if anyone else has had issues on the particular host that you use.
First, i'm french..so sorry ! I got the same attack in all of my site (i'm a web developper...i've got many site online). If you want to remove this virus/attack, you will need to first scan your computer with anti-virus and anti-spyware/malware twice (suggest to make it in "safe-mode"). Once this step is done, you will need to search in all, and ALL, of your online files for the <iframe> attack and remove it. If you forget somes files and the iframe is always in..you will get the attack once again. After making all the file checkup, change your FTP account and password. Last step, you will need to contact Google to scan your website to remove the advertissement.
Here some usefull info :
http://www.guardian.co.uk/technology/20 ... ity.google
http://arstechnica.com/security/news/20 ... o-kill.ars
http://www.softpanorama.org/Malware/Mal ... tack.shtml
And have luck, I had really big problem removing this virus from my computer and website.. hope you made a backup of your site before. For more info, try searching "iframe attack" in google.
**This attack is not coming from Opencart, hosting provider or else, it's something in your computer..virus..spyware/malware
If they were file based changes, then your computer probably inserted the code via malware or spyware.
If they were database changes, then your template designs or the customization you've done has opened a security hole in opencart to allow injection from the browser when using your site or maybe someone guessed your username and password.
If it's not a large file, please feel free to zip it up and email it to me and I'll run some hacking attempts on it to see if the code is open to attack.
Follow me on twitter.com/alreadymade
I have had ths done before through 2 web sites. It would take to long doing each site indivdually.
Once they get in the upload a banking script and send out spam mail or add some code into your script.
Again I don't think this hack will be done via opencart. You hosting company will have a administration or billing section that would be easier to hack with a list or usernames and passwords for all there sites.
you can check what IP's have had access to your admin by lookign at your error logs.
Project Owner & Developer.
II just upgraded my store from 133 to 134 then i see my shop as normal but in Admin there is a warning of malware attack. Can you advise how to clear the warning?
Phnom Penh, Cambodia
It was working fine up until today - I also noticed the same error on Qphoria's site. Any ideas whether it's connected to what's been discussed in this thread or maybe a Google precaution as Chat is still a Beta project & don't imagine Q has the same webhost as my client?This content cannot be displayed in a frame.
To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame.
What you can try:
Open this content in a new window
http://blog.futtta.be/2009/12/02/google ... e-options/
and this about Google News module, which led me to it :
http://www.simplyraydeen.com/authors/12 ... he-problem
Users browsing this forum: No registered users and 28 guests