Help! Site constantly being hacked :-\

Quote

Post by Nordikota » Fri Dec 13, 2019 4:53 pm

Hi. Site is OC3.0.3.2 running Journal3

Our site has been hacked somehow and a number of files (Index.php) have been added that redirect customers to Spam sites. .htaccess files have been renamed. I've been through every directory and manually removed the files, updated .htaccess to disallow access, changed the file attributes to remove write access and changed all Admin & FTP passwords.

2 days later the site was hacked again. So I did the same thing again all over again.

2 days later the site was hacked again. I've just finished cleaning it for a 3rd time

Can anyone suggest how I can stop this as it's getting painful :'(
Nordikota
Active Member
Posts
234
Joined
Tue Feb 11, 2014 8:04 pm
Top

Re: Help! Site constantly being hacked :-\

Quote

Post by letxobnav » Fri Dec 13, 2019 4:59 pm

checked your logs?

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.

User avatar
letxobnav
Expert Member
Posts
3264
Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan
Top

Re: Help! Site constantly being hacked :-\

Quote

Post by Nordikota » Fri Dec 13, 2019 5:29 pm

The error log? I wouldn't know what to look for ???
Nordikota
Active Member
Posts
234
Joined
Tue Feb 11, 2014 8:04 pm
Top

Re: Help! Site constantly being hacked :-\

Quote

Post by thekrotek » Fri Dec 13, 2019 5:41 pm

Looks like you have a backdoor somewhere on your server. If you can't find it, I can do it for you. Drop me an email or send a message in Skype and we'll discuss the matter.

Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com

User avatar
thekrotek
Expert Member
Posts
4375
Joined
Sun Jul 03, 2016 12:24 am
Top

Re: Help! Site constantly being hacked :-\

Quote

Post by Nordikota » Fri Dec 13, 2019 6:45 pm

@thekrotek - email sent. Thanks!
Nordikota
Active Member
Posts
234
Joined
Tue Feb 11, 2014 8:04 pm
Top

Re: Help! Site constantly being hacked :-\

Quote

Post by paulfeakins » Fri Dec 13, 2019 6:55 pm

Contact Astra ASAP, they have sorted this out for many OC users we know.

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk

User avatar
paulfeakins
Legendary Member
Online
Posts
10041
Joined
Mon Aug 22, 2011 11:01 pm
Location - London Gatwick, United Kingdom
Top

Re: Help! Site constantly being hacked :-\

Quote

Post by wrick0 » Fri Dec 13, 2019 7:09 pm

Make sure you are not running any pirated extensions.

Make sure you are not running wordpress on the same host.

Make sure modsecurity is active on your server, as well as fail2ban and some antivirus i recommend ImunifyAV.


Probably the best method is to get another VPS/host and secure that properly (use plesk it can do most for you).

Then move your site over to that new server (after scanning it with antivirus)

If you want to be completely sure your website is clean, rebuild it completely
wrick0
Active Member
Posts
180
Joined
Fri Jan 18, 2019 10:00 pm
Location - 127.0.0.1 @ The Netherlands
Top

Re: Help! Site constantly being hacked :-\

Quote

Post by letxobnav » Fri Dec 13, 2019 11:13 pm

The error log? I wouldn't know what to look for
your server access log, useless to keep mopping the floor when you have no clue which faucet you left running.

Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces

“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.

User avatar
letxobnav
Expert Member
Posts
3264
Joined
Fri Aug 18, 2017 4:35 pm
Location - Taiwan
Top

Re: Help! Site constantly being hacked :-\

Quote

Post by nureddin21 » Wed May 17, 2023 5:10 pm

wrick0 wrote:
Fri Dec 13, 2019 7:09 pm
Make sure you are not running wordpress on the same host.

I have the same situation and my site (opencart) has been hacked more than once.

I have a wordpress site installed on the same hosting (hostinger).

I would like to ask you, what is the relationship of WordPress, even though it is independent with its files and there is a file protection system?
nureddin21
New member
Posts
23
Joined
Tue Feb 23, 2021 2:48 am
Top

Re: Help! Site constantly being hacked :-\

Quote

Post by paulfeakins » Wed May 17, 2023 6:17 pm

nureddin21 wrote:
Wed May 17, 2023 5:10 pm
 I would like to ask you, what is the relationship of WordPress, even though it is independent with its files and there is a file protection system?
WordPress gets hacked all the time because of its popularity. If it's in the same account as OpenCart then a hack gives them access to everything.

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk

User avatar
paulfeakins
Legendary Member
Online
Posts
10041
Joined
Mon Aug 22, 2011 11:01 pm
Location - London Gatwick, United Kingdom
Top
Post Reply
Return to “Themes”
Who is online

Users browsing this forum: No registered users and 9 guests