Hi everyone,
I have an opencart site (3.0.2.0) that was hacked via the authorize.aim hack a few months ago. I fixed it, but think something may have been left behind. I found this script that only appears at the checkout:
https://batbing.com/js/bat.min.js
Kapersky labels it as a hostile script.
I've searched all through the website files and the modifications for any reference to that javascript and have found nothing. I even did a file comparison between the original opencart 3.0.2.0 download and the modified site, and could not find anything that could be causing this.
Any idea where I should look to find where this script has been inserted? Its definitely not in the twig files and does not appear to be in the /catalog or /system folders.
Any help would be appreciated, as I'm sitting here scratching my head.
I have an opencart site (3.0.2.0) that was hacked via the authorize.aim hack a few months ago. I fixed it, but think something may have been left behind. I found this script that only appears at the checkout:
https://batbing.com/js/bat.min.js
Kapersky labels it as a hostile script.
I've searched all through the website files and the modifications for any reference to that javascript and have found nothing. I even did a file comparison between the original opencart 3.0.2.0 download and the modified site, and could not find anything that could be causing this.
Any idea where I should look to find where this script has been inserted? Its definitely not in the twig files and does not appear to be in the /catalog or /system folders.
Any help would be appreciated, as I'm sitting here scratching my head.
I they were able to rewrite your Google Analytics code in the database. They either have access to your database (or cPanel) or to your OpenCart admin. Don't forget to change all your passwords, if you haven't already.
We recommend these guys in cases of hacking:
https://www.getastra.com/
https://www.getastra.com/
UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk
Hi, I think I have the same issue as you. Various scans have reported a malicious link to a javascript file hosted on a different website in the header of my site. Would you be able to provide more information on how you fixed this issue?
Thanks,
Joe
why is that in your database?I they were able to rewrite your Google Analytics code in the database
Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces
“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.
You need to remove the code and fix your Google Analytics code in the analytics module. I would also recommend you check if your theme has and updates that may have security patches. Also change all your passwords, such as all OpenCart admin logins, all hosting control panel logins, all FTP account, etc.
Who is online
Users browsing this forum: Bing [Bot] and 231 guests