Hello,
Today I found my site has been hacked by DeadlyCrew.İNFO/Deadly-Warrior.
Just the front end has been hacked, I guess. So what should I do now: should I just restore my backup, or is there any way to find out where the weak point is?
My site: www.unlocksolution.com
Waiting for your advice.
Thank you
From a2hosting I got this reply:
"Hello,
Thank you for contacting A2 Hosting!
It was not due to the server. There are any number of ways a site can be hacked. A2 hosting cannot provide forensic details on every site that is hacked unfortunately. We can provide you with methods to clean the hack however. "
I think it was done through the Google Analytics module. I found this code in the Google Analytics module:
Code: Select all
<html>
<head>
<link rel=”icon” type=”image/png” href=”http://img.webme.com/pic/i/iconvar/turk-b-2.png” />
<title>DeadlyCrew.İNFO/Deadly-Warrior</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<body bgcolor="black">
<center><img src="http://i.hizliresim.com/W09o88.png" width="700" height="400" alt="Hacked!" /></center>
<h2><center><font face="arial" size="5" color="white">Biz Ancak<font color="red"> rükuda eğiliriz</font></center></h2>
<br>
<center><font face="arial" size="3" color="white">DeadlyCrew dont forget 18 March!<br>We dont forget anyone!<br> We are Turk!
<br>We are celebrating 18th March Canakkale Victory
<br>Canakkale is impassable<font color="red"></font></center><br><center><font face="arial" size="3" color="white">DeadlyCrew.İNFO | <font face="arial" size="3" color="RED"> DELİLER TİM</FONT></center>
<embed src="https://www.youtube.com/v/eltPkGySVYQ&autoplay=1" type="application/x-shockwave-flash" height="0" width="0"></embed>
</body>
</html>
I would check your server logs for access to anything under /admin/. Look for IP addresses that aren't yours.
Also check your FTP logs.
Well, if I search "DeadlyCrew dont forget 18 March" on Google I can see many other websites powered by OpenCart were hacked, including mine. And I already confirmed with my hosting, which is a2hosting; they confirmed it was not due to shared hosting.
However, I have disabled the Google Analytics module for now, just to be on the safe side.
I can't see that disabling the Google Analytics extension will prevent further attacks. If they could modify its contents then they can re-enable it.
If you want to check for any weak points, look for access to admin/index.php?route=extension/analytics/google_analytics (or any other suspicious activity) in your server logs. Look at the IP address and then see what the first entry point from that IP address was.
Which module are you using? The one that comes with opencart, or a 3rd party extension?
How did your host suggest to 'clean' it up? Detailed cleaning instructions can point you toward the method of entry.
What version of OpenCart? Was the code that you entered into the Google Analytics module changed or the PHP files themselves? Have you clicked on any links that have taken you to your admin login?
Check your FTP logs. Check your web access logs for access to admin/index.php?route=extension/analytics/google_analytics or anything else that looks suspicious.
Change all your passwords.
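The access-log check suggested in the replies above, as an added example that is not part of any poster's message: it finds every IP that requested the Google Analytics admin route and reports that IP's first logged request. The Apache/Nginx "combined" log format, the function name `trace_entry_points` and the sample log lines are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Apache/Nginx "combined" log format is assumed; adjust the regex to your host's format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3})'
)
# Route named in the thread; unquote() below also catches the %2F-encoded form.
WATCHED_ROUTE = "route=extension/analytics/google_analytics"

def trace_entry_points(lines, own_ips=()):
    """For each IP (not in own_ips) that requested the watched admin route,
    return its first logged request and every request it made to that route.
    Lines must be in chronological order, as they are in a log file."""
    first_seen, hits = {}, {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["ip"] in own_ips:
            continue
        rec = (m["ts"], m["method"], unquote(m["url"]), int(m["status"]))
        first_seen.setdefault(m["ip"], rec)  # keeps only the earliest request
        if "/admin/" in rec[2] and WATCHED_ROUTE in rec[2]:
            hits.setdefault(m["ip"], []).append(rec)
    return {ip: {"first": first_seen[ip], "route_hits": h} for ip, h in hits.items()}

# Constructed sample log: documentation-range IPs, invented timestamps and tokens.
SAMPLE_LOG = """\
198.51.100.7 - - [18/Mar/2017:09:01:12 +0000] "GET /admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [18/Mar/2017:09:30:00 +0000] "GET /index.php?route=product/product HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
203.0.113.45 - - [18/Mar/2017:10:14:03 +0000] "POST /admin/index.php?route=common/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.45 - - [18/Mar/2017:10:14:09 +0000] "POST /admin/index.php?route=extension%2Fanalytics%2Fgoogle_analytics&token=CONSTRUCTED HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.7 - - [18/Mar/2017:11:00:00 +0000] "GET /admin/index.php?route=extension/analytics/google_analytics&token=CONSTRUCTED HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    # own_ips: the addresses you administer the shop from (assumed value here).
    report = trace_entry_points(SAMPLE_LOG, own_ips={"198.51.100.7"})
    for ip, info in report.items():
        print(ip, "first seen:", info["first"])
        for hit in info["route_hits"]:
            print("   route hit:", hit)
```

A first request that is a login POST followed seconds later by a write to the module points at stolen or guessed admin credentials; a first request that goes straight to the module route suggests a reused session or token.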
You might want to try and add this firewall. It's only $40 USD/year
https://nintechnet.com/ninjafirewall/pro-edition/ (get the Pro+ Edition).
You can identify and block problem IPs. While nothing is perfect, it at least gives you another level of security.
Every host has access to the root level of a shared server and therefore can deliver all access logs to any site of that server.
There are raw access logs, FTP access logs, MySQL logs; in fact almost anything is logged.
So when a host tells you he can't give you any logs, most of the time it just means their server is compromised and more sites are hacked.
They just won't admit it and like to keep it quiet, leaving you in the dark.
When infected, it's simple to check if on shared hosting.
You know your site's IP address; if not, check your domain name's DNS.
Use this site to find out which sites are on shared hosting:
https://www.yougetsignal.com/tools/web- ... eb-server/
Check all those sites.
If you find more compromised sites, you know it happened on server level.
Here's a free solution for anyone no matter who your hosting provider is. Try it for 30 days and if you don't like it, you don't have to pay for a monthly / annual license thereafter. Comodo will scan and remove any malware and you are protected by a Firewall and connected to a CDN for faster content delivery. If you've got any questions about it, use our live chat. If you don't want to pay for the service after 30 days, Comodo will still scan for malware and clean it up 2x / month for no charge.
Simple, 'hands off' website security
https://www.evolvewebhost.com/account/c ... add&pid=47