Help! My site has been hacked and I can't reset my password!

I believe my site (onlineshop.yarniapdx.com) was hacked.

Last night, I received a password request email, that I did not initiate. I looked up the IP address and it was located in Tampa, Florida -- nobody that I know.

Just now, I got a message from a customer who was at my site, letting me know that they got an error message when trying to check out.

I did a test run on my end to see what was going on, and noticed something very disturbing. When I got to the "Payment Options" section at checkout, there were 2 options. Normally I only accept PayPal for my shop, but there is now a second option, where the customer is asked to enter their credit card information directly into my site (the option was for Authorize.net). I never ask my customers to do this, as I know it is not secure. I did NOT add this option to the payment method section.

Then, I tried logging in to my back office to check out what was going on and disable this payment method, as I fear it has been placed there by a hacker and that it is directing customers' payments elsewhere.

I tried resetting my password to the back office, and I received the email directing me to reset the password via Opencart, but when I click that link, it just takes me to my /admin page, and tells me the password is incorrect. I don't know what to do or how to log in to my back office and I am kind of freaking out here...

I purposefully "broke" my site for the time being by deleting the startup.php file from my root directory using FTP, while I figure this out. Please help!!

Simply follow these steps to reset the password to 'password'

1.Log into cPanel and click on phpMyAdmin
2.Open the database that your OpenCart store uses
3.Find the "user" table
4.Edit the user with the username "admin" and change the password field to 5f4dcc3b5aa765d61d8327deb882cf99. This string or hash changes the password to "password" (without the quotes)



Now, attempt to log into the OpenCart Dashboard with your new password and change it to your new one?

maybe backing up your site, changing the folder is points to, reinstalling it fresh and upload the backup so make sure theres nothing malicious still on the site?

Okay, figured it out. Once I realized that I could still log in to my HostGator account and access PHPMyAdmin, I revisited this thread from a few years ago (http://forum.opencart.com/viewtopic.php?f=20&t=106450) and was able to met my Opencart Admin password and regain access to my account, and delete the malicious extension.

That was a close one.

Next step for you, I'd say investigate how your server was hacked and probably make some changes to harden your security.

I hope you have able to fix your website. btw could you share what was the hole on your website? so we all can learn and avoid it.