Hi everyone, my online store (opencart 2.1.0.1) was attacked days ago. it´s the 6th time that someone is errasing categories and products. Luckily i have backups. I saw that when i login if i use admin or my email any passwork works!!! So the access is completely free. I changed the name of the folder "ADMIN" to prevent this hacker to login again, but i am afraid that he can list the folders of the website.
1. how can i prevent him from listing the root folders?
2. how can i correct this problem in the login (any password works using email and admin user (this users doesnt exist in the back panel... so i cant change it). I have only 1 user and it´s not any of this, so the hacker creates an open door to access the opencart.
I will appreciate a lot your help. Thanks!
1. Re-upload the original OpenCart files for your version. If it's a modification to one of those files, that should fix it.
2. If you still have the issue after that, disable any ocMods or vQmods on your site. Then start going through them one-by-one and see if any of them result in the issue you mention.
3. If you can't figure it out after that, consider hiring someone to take a look at it for you. If you need to find a developer, I recommend you post a request in the OpenCart "Commercial Support" forum, which is checked by a number of OpenCart developers. You can also try checking out the OpenCart "Partners" area.
2. If you still have the issue after that, disable any ocMods or vQmods on your site. Then start going through them one-by-one and see if any of them result in the issue you mention.
3. If you can't figure it out after that, consider hiring someone to take a look at it for you. If you need to find a developer, I recommend you post a request in the OpenCart "Commercial Support" forum, which is checked by a number of OpenCart developers. You can also try checking out the OpenCart "Partners" area.
Thanks for your help, i will try that and see if it solves the problem. Sorry for taking so long to respond.
The problem was solved. Seems that some file inside the system root folder was changed. Now everything is normal. Lets see if the hacker tries again to attack the store. Thank you all for your help.
If you're using an Apache based server make sure you use an .htaccess file. I provided a link to get you started but do a search on this. http://www.thesitewizard.com/apache/pre ... cess.shtml
Another thing to look at is a firewall. Here's one to look at - http://nintechnet.com/ninjafirewall/. There are many more. While nothing is 100% at least you will stop the hacker wanna be's.
Another thing to look at is a firewall. Here's one to look at - http://nintechnet.com/ninjafirewall/. There are many more. While nothing is 100% at least you will stop the hacker wanna be's.
Who is online
Users browsing this forum: Semrush [Bot] and 12 guests