Sick of Malware on Version 2.1.0.1, Time to Upgrade?

Hi all,

We are running on OC Version 2.1.0.1

We seem to get re-infected with the same credit card malware every few days on our VPS. We have Securi who will spot and clean it (they say it's infecting the oc_setting.value in the database), and we can roll back the DB every time, which also removes it, but we need a permanent solution.

We are a 1 man business looking for the most cost effective solution. We have changed all the CPanel passwords but that doesn't work. May I ask, will a firewall fix this, or is it time to upgrade to Version 3? Are there any developers who can give us costings / timings for an upgrade. We have no themes, and just the usual plug in's for Payment, Volume Discounts etc

Kind Regards
Rob

I can check your server for backdoors and malware, done this multiple times. Send me an email or message in Skype and we'll discuss the details.

Contact Astra, they'll do an audit with a load of recommendations for a developer such as ourselves to implement.

Alternatively we could do a rebuild for you as listed here: https://www.antropy.co.uk/services/ecommerce-business

Quick update for anyone with the same issue, we now believe the infection is via the Google Analytics plug in.

Bobbio999 wrote: ↑

Wed Nov 03, 2021 7:49 pm

Quick update for anyone with the same issue, we now believe the infection is via the Google Analytics plug in.

Basically this is a "core" module - add only the code and save.
It's not an extra extension - or what are you using?

Yes we have disabled the core module for Google analytics (and the <script> provided by Google therein) and the infections appear to have stopped.

Website URL?

Bobbio999 wrote: ↑

Wed Nov 03, 2021 10:13 pm

Yes we have disabled the core module for Google analytics (and the <script> provided by Google therein) and the infections appear to have stopped.

Never heard something like this before.
From where do you have this code and could you post here this snippet (remove sensitive data before).

In the Analytics section of Admin, we deleted the Google <script> and disabled this function. The script from Google must have been provided several years ago now. (we didn't keep a copy of it unfortunately).

Analytics List
Analytics Name Status Action
Google Analytics Disabled

Bobbio999 wrote: ↑

Thu Nov 04, 2021 12:08 am

In the Analytics section of Admin, we deleted the Google <script> and disabled this function. The script from Google must have been provided several years ago now. (we didn't keep a copy of it unfortunately).

Analytics List
Analytics Name Status Action
Google Analytics Disabled

Well, you are using a very old version of OpenCart .. may work, but I guess your php version is also outdated (you should update at least the php version to 7.3.x which requires also to update 1 script of OpenCart).
Beside this, the code provided from Google is not able to add something else - so the person who pasted it, made some ? ?
See: https://developers.google.com/analytics ... nalyticsjs

Bobbio999 wrote: ↑

Wed Nov 03, 2021 5:46 pm

Hi all,

We are running on OC Version 2.1.0.1

We seem to get re-infected with the same credit card malware every few days on our VPS. We have Securi who will spot and clean it (they say it's infecting the oc_setting.value in the database), and we can roll back the DB every time, which also removes it, but we need a permanent solution.

We are a 1 man business looking for the most cost effective solution. We have changed all the CPanel passwords but that doesn't work. May I ask, will a firewall fix this, or is it time to upgrade to Version 3? Are there any developers who can give us costings / timings for an upgrade. We have no themes, and just the usual plug in's for Payment, Volume Discounts etc

Kind Regards
Rob

Isn't a component of Sucuri's service a firewall? If so, they should have been stopping this, not detecting you and telling you it was getting infected over and over.

If you want to try Astra (and anyone else reading this), contact us here for a 2 week trial: https://core.evolvewebhost.com/contact.php

If you like it, you can purchase a license (our pricing is the lowest I've seen). Otherwise, we'll disconnect you from the Astra service. No hassles or headaches.

Personally, I do recommend using a newer version of Opencart although not all releases are great. For example, I think 2.3.0.2 was the best of the 2.x branch and I'd say 3.0.3.7 or 3.0.3.8 are the two better versions of the 3.x branch. A release like 4.0.0.0_b in 2017 is very odd to me and I wouldn't use a release like that.