OC Version 3.0.3.2
Hello, just recently my AVG antivirus has been detecting a virus/malware or other threat when I navigate the pages of my oc website except the admin section. Does anyone know what this could be? Is it possible my site has been hacked or could this be a virus on my computer? I have run a deep scan and cannot find any issues locally so my next guess is the server. Screenshot is below.
Thanks in advance for any help.
My web inspector shows the following error:
Failed to load resource: the server responded with a status of 403 (Malicious content)
So this confirms the problem is within the opencart files. Any ideas what this is and how I can remove it from my website. Also, any ideas how this could have been uploaded to my site? Thanks.
Failed to load resource: the server responded with a status of 403 (Malicious content)
Code: Select all
https://tags-manager.com/gtags/script2?utm_referer=?utm_source=&utm_content=&utm_referer=www.mywebsite.com
Run Virus Scanner from your C Panel.jrunique wrote: ↑Tue Nov 10, 2020 6:43 pmMy web inspector shows the following error:
Failed to load resource: the server responded with a status of 403 (Malicious content)So this confirms the problem is within the opencart files. Any ideas what this is and how I can remove it from my website. Also, any ideas how this could have been uploaded to my site? Thanks.Code: Select all
https://tags-manager.com/gtags/script2?utm_referer=?utm_source=&utm_content=&utm_referer=www.mywebsite.com
Got an urgent question that’s keeping you up at night? There might just be a magical inbox ready to help: khnaz35@gmail.com
Enjoy nature 
Thanks for the reply. I cannot see a virus scanner in cPanel, however my host was able to find a couple of malicious files in my opencart shop and they have quarantined these. Unfortunately my AVG virus scanner is still flagging problems when I visit my site so the problem is not completely fixed.
If you have dedicated server and access to your WHM root you can enable Virus Scanner for your Cpanel.
As for AVG clear your browser cache and cookies then try again opening site.
As for AVG clear your browser cache and cookies then try again opening site.
Got an urgent question that’s keeping you up at night? There might just be a magical inbox ready to help: khnaz35@gmail.com
Enjoy nature
Unfortunately, I downgraded from dedicated to shared hosting so I no longer have WHM access, I will ask my host to enable it.
I cleared all cookies and cache and restarted my browser, however AVG is still detecting the code.
I have a one month old local backup of all server files so I moved the current public_html files to quarantine and uploaded the backup files to the server. I cleared cookies and cache again and opened the website, unfortunately AVG still picked up the same code. Maybe my site was infected on an earlier date and somehow recently activated (if that's possible?) or the code has been planted elsewhere on the server?
I cleared all cookies and cache and restarted my browser, however AVG is still detecting the code.
I have a one month old local backup of all server files so I moved the current public_html files to quarantine and uploaded the backup files to the server. I cleared cookies and cache again and opened the website, unfortunately AVG still picked up the same code. Maybe my site was infected on an earlier date and somehow recently activated (if that's possible?) or the code has been planted elsewhere on the server?
Code: Select all
https://tags-manager.com/gtags/script2?utm_referer=?utm_source=&utm_content=&utm_referer=www.mywebsite.comIt is look like google tag manager. Do run few test. Check your website header/footer file and look for GTM code remove it and then save the file and then upload back to server. Clear your browser cache and make sure clear server cache and refresh the OC Modifications.
Got an urgent question that’s keeping you up at night? There might just be a magical inbox ready to help: khnaz35@gmail.com
Enjoy nature
See. viewtopic.php?f=181&t=220885#p804670
Removing the code is just the first step. You need to work out how the code was added in the first place. If it's a modified file check your FTP access logs first.
Removing the code is just the first step. You need to work out how the code was added in the first place. If it's a modified file check your FTP access logs first.
Cwatch found the infection in my database TABLE `oc_setting` A code had been placed within the google analytics code.
I don't have access to ftp logs in cPanel so I will ask my host to check.
I have had work done on my site in the past and had to share login details, I should have changed all passwords immediately after giving access to my site files.
I don't have access to ftp logs in cPanel so I will ask my host to check.
I have had work done on my site in the past and had to share login details, I should have changed all passwords immediately after giving access to my site files.
That is a good news indeed!Cwatch found the infection in my database TABLE `oc_setting`
As suggested above to start with.A code had been placed within the google analytics code.
You can always create ftp account from cpanel.I don't have access to ftp logs in cPanel so I will ask my host to check.
But your issue is Database so use myPhpAdmin to check your database.
That is the always first thing to do. When work has completed.I have had work done on my site in the past and had to share login details, I should have changed all passwords immediately after giving access to my site files.
Got an urgent question that’s keeping you up at night? There might just be a magical inbox ready to help: khnaz35@gmail.com
Enjoy nature
Or, the user can check directly into the File Manager console of his cPanel since the user uses cPanel.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Yep truestraightlight wrote: ↑Fri Nov 13, 2020 12:41 pmOr, the user can check directly into the File Manager console of his cPanel since the user uses cPanel.
Got an urgent question that’s keeping you up at night? There might just be a magical inbox ready to help: khnaz35@gmail.com
Enjoy nature
Yes, you were right, thanks for the suggestion. The only problem was I was looking in the wrong place e.g. header/footer files rather than the database.
Thanks for the suggestion.straightlight wrote: ↑Fri Nov 13, 2020 12:41 pmOr, the user can check directly into the File Manager console of his cPanel since the user uses cPanel.
As a previous 'partner' of Comodo and cWatch, I would suggest not using their service. You will have way more issues with your Opencart stores and their cleanup service is not adequate at all. We worked with them for over 3 years, from the time they got started with cWatch and it wasn't a great experience. I'm not going to try to promote the new service we offer or any other malware cleanup service but I do want to suggest staying away from Comodo cWatch.jrunique wrote: ↑Fri Nov 13, 2020 11:19 amCwatch found the infection in my database TABLE `oc_setting` A code had been placed within the google analytics code.
I don't have access to ftp logs in cPanel so I will ask my host to check.
I have had work done on my site in the past and had to share login details, I should have changed all passwords immediately after giving access to my site files.
Opencart Hosting Plans, Domain Registration, Microsoft and Google Email and More
Visit our website for great deals and most importantly, fast and friendly support - www.evolvewebhosting.com
Active Member
Who is online
Users browsing this forum: No registered users and 8 guests
