Post by Nordikota » Fri Dec 13, 2019 4:53 pm

Hi. Site is OC3.0.3.2 running Journal3

Our site has been hacked somehow and a number of files (Index.php) have been added that redirect customers to Spam sites. .htaccess files have been renamed. I've been through every directory and manually removed the files, updated .htaccess to disallow access, changed the file attributes to remove write access and changed all Admin & FTP passwords.

2 days later the site was hacked again. So I did the same thing all over again.

2 days later the site was hacked again. I've just finished cleaning it for a 3rd time.

Can anyone suggest how I can stop this as it's getting painful :'(

Active Member

Posts

Joined
Tue Feb 11, 2014 8:04 pm

Post by letxobnav » Fri Dec 13, 2019 4:59 pm

Checked your logs?

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.


Expert Member

Posts

Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan

Post by Nordikota » Fri Dec 13, 2019 5:29 pm

The error log? I wouldn't know what to look for ???

Post by thekrotek » Fri Dec 13, 2019 5:41 pm

Looks like you have a backdoor somewhere on your server. If you can't find it, I can do it for you. Drop me an email or send a message in Skype and we'll discuss the matter.

Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com


Expert Member

Posts

Joined
Sun Jul 03, 2016 12:24 am


Post by Nordikota » Fri Dec 13, 2019 6:45 pm

@thekrotek - email sent. Thanks!

Post by paulfeakins » Fri Dec 13, 2019 6:55 pm

Contact Astra ASAP, they have sorted this out for many OC users we know.

For quick, professional OpenCart support please email info@antropy.co.uk


Guru Member

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - Reigate, Surrey, United Kingdom

Post by wrick0 » Fri Dec 13, 2019 7:09 pm

Make sure you are not running any pirated extensions.

Make sure you are not running WordPress on the same host.

Make sure ModSecurity is active on your server, as well as fail2ban and some antivirus; I recommend ImunifyAV.

Probably the best method is to get another VPS/host and secure that properly (use Plesk, it can do most for you).

Then move your site over to that new server (after scanning it with antivirus).

If you want to be completely sure your website is clean, rebuild it completely.

Active Member

Posts

Joined
Fri Jan 18, 2019 10:00 pm
Location - 127.0.0.1 @ The Netherlands

Post by letxobnav » Fri Dec 13, 2019 11:13 pm

> The error log? I wouldn't know what to look for

Your server access log. It's useless to keep mopping the floor when you have no clue which faucet you left running.
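Added example (not written by any poster in this thread): one way to act on the access-log suggestion is to list successful POST requests to PHP files other than the store's normal entry points, which gives a file and a timestamp to investigate. The combined log format, the `EXPECTED_PHP` list and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/Nginx "combined" format (assumed; adjust the regex to your LogFormat).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Assumption: the only PHP scripts this store serves directly to visitors.
EXPECTED_PHP = {"/index.php", "/admin/index.php"}

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = """\
198.51.100.7 - - [11/Dec/2019:02:14:09 +0000] "GET /index.php?route=product/product&product_id=42 HTTP/1.1" 200 18233 "-" "Mozilla/5.0"
203.0.113.50 - - [11/Dec/2019:03:40:51 +0000] "POST /image/cache/catalog/x1.php HTTP/1.1" 200 312 "-" "python-requests/2.22"
203.0.113.50 - - [11/Dec/2019:03:41:02 +0000] "POST /image/cache/catalog/x1.php HTTP/1.1" 200 97 "-" "python-requests/2.22"
198.51.100.7 - - [11/Dec/2019:09:02:33 +0000] "POST /admin/index.php?route=common/login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.99 - - [11/Dec/2019:10:15:00 +0000] "POST /system/storage/upload/old.php HTTP/1.1" 404 209 "-" "curl/7.58"
"""

def suspicious_posts(log_text, expected=EXPECTED_PHP):
    """Group successful POSTs to PHP files outside the expected entry points."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        path = m["path"].split("?", 1)[0]  # drop the query string
        if (m["method"] == "POST"
                and path.lower().endswith(".php")
                and path not in expected
                and m["status"].startswith("2")):
            hits[path].append((m["ts"], m["ip"]))
    return dict(hits)

if __name__ == "__main__":
    for path, events in suspicious_posts(SAMPLE_LOG).items():
        first_ts, first_ip = events[0]
        print(f"{path}: {len(events)} POSTs, first at {first_ts} from {first_ip}")
```

Run it over the real log with `suspicious_posts(open(path_to_log).read())`, then compare the earliest timestamp of each flagged file with that file's modification time on disk.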