I can see someone logged into my admin and disabled my credit card module, installed the "moneybooker" module and put his email address..
Is it this easy to hack admin password? My password had 100% strength..
If he didn't come through admin, how did he disable my credit card module, install the moneybooker module and put his email address?
I've now changed the login and password and I'm looking into using IP filtering and IP log extensions.
Can I find out the hackers IP at this moment in time? Is there a log for opencart admin?
Please help! This is really urgent matter to me..
2. If someone got access to your database, they could theoretically have decrypted the admin password and accessed it that way. Or, if he understood how OpenCart works, he could have disabled and enabled the extensions directly in the database, and added the settings there.
3. If you're on a shared server, and someone else on the server was compromised, your site might have been as well. If someone has accessed to your OpenCart files, they would have access to your database settings, and could do everything in #2.
4. IP filtering would be useful for the admin panel, but not if someone has your direct database access or access to your OpenCart files. You can view IP logs of who visited your site in your web host admin panel (usually under "Raw Access Logs" or something like that). You can usually also set up restrictions on who can remotely access your database in there (in cPanel, under "Remote MySQL"). If they have access to your files or your FTP information, you'd need to also set up IP restrictions on FTP, which some hosts don't offer.
http://www.opencart.com/index.php?route ... on_id=9281
Increase Page Speed (#1 rated commercial extension on OpenCart Marketplace)
15in1 Essential Extensions Value Pack Premium Customer Testimonials Reward Points Extended Admin Security Lockdown Suite
Users browsing this forum: Bing [Bot] and 22 guests