Post by richard211986 » Wed Jul 07, 2010 8:29 pm

Hello, this morning my website front has completely gone due to being hacked: the gadget shack dot co dot uk

The back end is still working fine. The hoster says the 7-day-old version was still hacked, and I don't think I made a backup recently before it was hacked.

Anyone know any ways to restore it?

Post by i2Paq » Wed Jul 07, 2010 8:55 pm

Default install or modified php-files and template?

Norman in 't Veldt
Moderator OpenCart Forums

Post by richard211986 » Wed Jul 07, 2010 8:58 pm

Default to a certain extent, but with added mods etc. for 1.3.2. It's probably time to upgrade to the newest version anyway?

The back end of the website is still working fine. Does anyone know if I can move the products etc. to a fresh install in 1.4.1b?

Post by i2Paq » Wed Jul 07, 2010 9:01 pm

Did you modify any db-tables?

Disable any third party modules and set template to the default.
Make a backup of your db and your files.

Empty your files and database and do a clean install of the same version.
Restore your database and see if it works normally.

Check if modules used for your 1.3.2 are there for 1.4.8b.
Download 1.4.8b and follow the upgrade instructions.

Post by richard211986 » Wed Jul 07, 2010 9:41 pm

From what I can see, only the index.php file was changed. Can you point me in the right direction for downloading 1.3.2 so I can obtain that file?

Post by richard211986 » Wed Jul 07, 2010 9:58 pm

Cheers, all done. Anyone got any advice to stop the hackers getting back in?

Post by i2Paq » Wed Jul 07, 2010 10:05 pm

richard211986 wrote: Cheers, all done. Anyone got any advice to stop the hackers getting back in?

Have your hoster look at how they got in.

Post by JAY6390 » Wed Jul 07, 2010 10:09 pm

Hacks like this are usually due to your server. It's unlikely your site has been targeted due to the cart (but that's not to say it isn't). My advice would be to check with your hosts and see what they can find out about the breach, and take it from there. If it was a server issue, they'll have to correct it, else move to another hosting company.

First thing I would do is change your password on your account. If you're using something less than at least 12 characters long then change it. Use the password generator to make it really difficult to guess. If you need to remember it, put the password in a draft email and save it so that you can retrieve it as long as you have an internet connection (and remember your email password of course :))

With OC, I think it's a good idea to upgrade every chance you get. Bug fixes are solved with each new implementation, so it's best to keep as up to date as possible (yes, I know it's not always the easiest with the way the cart is at the moment, but it is getting easier).

Post by richard211986 » Wed Jul 07, 2010 10:16 pm

Yeah, I don't think my server will be taking responsibility, as they couldn't even restore the files properly. They tried to tell me they restored the site from 7 days ago (when everything was fine), but obviously they hadn't, as the outlook was the same as today's. So with a bit of investigating through the files I noticed the index.php file was the only file changed.

So in theory their backup should have restored the site completely to normal, but it didn't =/

Post by Qphoria » Wed Jul 07, 2010 10:23 pm

Yea this is a common malicious script target... The internet adopted the concept of a file called "index.html" to be the default loaded page. Similarly on php "index.php". So many scripts search for files with common names.

index.php
config.php
home.php
main.php
default.php

Generically scripts search for these files and insert their hacky code, typically with the idea of just bragging. There is usually no actual target, just a script that goes out and attacks all it can find.

You can make these files read-only (but be aware of this when you need to make changes or try to upload a new version as they won't be able to be replaced by the new version until they are unprotected).

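One way to confirm which files a script like this changed, shown as an added example that is not part of the original thread: compare the live site against a clean copy of the same release, which automates the check richard211986 did by hand when he found only index.php had changed. The function names, directory layout and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report how a live site differs from a
# clean copy of the same release. Paths are supplied by the caller.

# compare_trees CLEAN_DIR LIVE_DIR
compare_trees() {
    ct_clean=$1
    ct_live=$2
    # Files shipped in the release that are changed or gone in the live site.
    (cd "$ct_clean" && find . -type f -print) | sort | while IFS= read -r ct_f; do
        if [ ! -f "$ct_live/$ct_f" ]; then
            echo "MISSING  $ct_f"
        elif ! cmp -s "$ct_clean/$ct_f" "$ct_live/$ct_f"; then
            echo "MODIFIED $ct_f"
        fi
    done
    # Files that exist only in the live site: mods, uploads, or dropped scripts.
    (cd "$ct_live" && find . -type f -print) | sort | while IFS= read -r ct_f; do
        if [ ! -f "$ct_clean/$ct_f" ]; then
            echo "ADDED    $ct_f"
        fi
    done
}

# Constructed sample: a two-file "release" and a live copy with a changed
# index.php and one extra file. All names and contents are made up.
demo_compare() {
    dc_tmp=$(mktemp -d)
    mkdir -p "$dc_tmp/clean/catalog" "$dc_tmp/live/catalog"
    echo '<?php // original front controller' > "$dc_tmp/clean/index.php"
    echo '<?php // catalog code' > "$dc_tmp/clean/catalog/model.php"
    echo '<?php // defaced' > "$dc_tmp/live/index.php"
    cp "$dc_tmp/clean/catalog/model.php" "$dc_tmp/live/catalog/model.php"
    echo '<?php // unknown' > "$dc_tmp/live/catalog/extra.php"
    compare_trees "$dc_tmp/clean" "$dc_tmp/live"
    rm -rf "$dc_tmp"
}

# With two path arguments: compare them. Without: run the constructed demo.
if [ "$#" -eq 2 ]; then
    compare_trees "$1" "$2"
else
    demo_compare
fi
```

Files written at install time or added later (configuration, uploaded images, mods) will show as MODIFIED or ADDED and need a manual look before the report can be trusted as a list of what the intruder touched.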

Post by JAY6390 » Wed Jul 07, 2010 10:25 pm

If that's the case you really should change hosting as that's quite terrible IMO

Post by Qphoria » Wed Jul 07, 2010 11:14 pm

It seems to focus on shared hosts that allow script access when using relative paths.

Example, you are on a shared host with many other people.. you only see your folder as:
/public_html/

but other people exist like

home/mjordan/public_html/
home/sjobs/public_html/
home/bgates/public_html/

You don't see their files in ftp, but php might be able to.

You could write a script like:

<?php

// Go above the home directory.
chdir('../..');

// Find all folders in the home directory
$folders = glob('*', GLOB_ONLYDIR);

// Loop through each
foreach ($folders as $folder) {
    // MALWARE INJECT HERE
}
?>

Post by readyman » Thu Jul 08, 2010 8:53 pm

If you currently run chmod 777 public or 757 group on some of these shared hosts, then others might be able to write to your files.
Sometimes PHP is run under group permissions, so depending on other internal settings, this can allow others to write to your files.
In this scenario, any file manager that allows you to set the document root directory in the config will allow you to view & write to someone else's files (or they can write to yours) - I remember being able to simply navigate the whole shared server directories with Webedit Professional & view all the accounts that were on the server.

If you aren't writing to a file, then make sure you set it to 644 (or 755 depending on your server requirement) so that even if people can see your files they can't write to them.

http://www.alreadymade.com
Follow me on twitter.com/alreadymade
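The permission check described above, as an added example that is not part of the original post: list everything under the web root that group or other users can write to, then strip that write bit so 666 becomes 644 and 777 becomes 755. The function names, the '*/cache*' skip pattern and the sample tree are assumptions made for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): audit a web root for entries that
# group or other users can write to, then strip that write bit.

# list_loose WEBROOT: print "MODE PATH" for each group/other-writable
# file or directory (777, 757, 666 and similar).
list_loose() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print |
        sort | while IFS= read -r ll_path; do
            echo "$(ls -ld "$ll_path" | cut -c1-10) $ll_path"
        done
}

# tighten WEBROOT [SKIP_PATTERN]: remove group/other write from the same
# entries (666 -> 644, 777 -> 755). SKIP_PATTERN is a find -path glob for
# directories the application must keep writable; the pattern is your choice.
tighten() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) \
        ! -path "${2:-}" -exec chmod go-w {} +
}

# Constructed sample tree; all names and modes here are made up.
demo_perms() {
    dp_tmp=$(mktemp -d)
    mkdir -p "$dp_tmp/site/cache"
    echo '<?php' > "$dp_tmp/site/index.php"
    echo '<?php' > "$dp_tmp/site/config.php"
    chmod 755 "$dp_tmp/site"
    chmod 757 "$dp_tmp/site/cache"
    chmod 666 "$dp_tmp/site/index.php"
    chmod 644 "$dp_tmp/site/config.php"
    echo "before:"
    (cd "$dp_tmp" && list_loose site)
    tighten "$dp_tmp/site" '*/cache*'
    echo "after:"
    (cd "$dp_tmp" && list_loose site)
    rm -rf "$dp_tmp"
}

# With a path argument: report only. Without one: run the constructed demo.
if [ "$#" -ge 1 ]; then
    list_loose "$1"
else
    demo_perms
fi
```

Run against a real path the script only reports; tighten is a separate call so that directories the shop must write to can be excluded first.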

