OpenCart Community

Our site was hacked, and all visits being directed to dodge sites. I got it backed up to previous working status, changed all admin pwd, ftp pwd, database pwd, changed admin login url, added pwd protection to admin folder, felt it is all sorted. Then accidentally found the shipping configuration page won't load up and showing fatal error message on Fedex.php file, checked that out and found bunch of code that is not supposed to be there. I replaced them with a clean copy and now working.

This could happen to other files, and I am not capable to do these clean ups. I wonder anyone used paid malware and firewall service provider?

I googled and found few here:

https://virusdie.com/website-security-platform/pricing/
https://sucuri.net/
https://www.getastra.com/pricing

We actually use getastra and have been pleased with the service

We were attacked again, desktop visits seemed fine, but mobile access are all directed to malicious sites. We started using Astra and paid for a year's subscription. They responded 4 hours after payment, and site is cleaned up, at least mobile access is now back to normal. So far so good, on their first daily report, they say there are 36 attacks being blocked. Will keep you updated in case there is anyone else wondering whether to go with paid firewall service.

Hey how did they work out for you? They have been cleaning up my site for about a month now, and still having some problems. We are getting as many as 300 attacks per day though (some days as few as 20)

Well, it would be rather helpful. if one show's some content, because
a hacker attempt is not always a very dangerous matter, it all depends on,
what kind of Code so-called Hackers use. I added a listing image below,
so show, what can be ignored, because I get such on a regular scale, and
as long as I use NO other Software, especially WordPress, on the same
Server, I have nothing really to worry about, since most such linking is
related to WP and similar Software. Just to have it mentioned, but I also
use a solid Server, operated by a proven solid Hoster, and such belongs
to the upmost important matters, likely widely ignored by many, trying
to run a commercial Software for as cheap as possible.
Ernie

After site being attacked last year i subscribed to sucuri, after that never looked back. It seems like there are still bits and pieces of threats left on your site.

We are partnered with Comodo to offer cWatch Web. It's a malware scanning / removal tool along with a CDN and it's available to everyone. You do not have to have your site(s) hosted with us to use the service and 24/7 support is provided directly through Comodo.

View the service and signup here if you're interested: https://www.evolvewebhost.com/cwatch-web.php

I've been using GetAstra for awhile now. initially stopped the malware, but I still get lots of attacks. The hackers have gotten back in a couple times and I am trying to figure out where from.

Update:
Going to do a fresh install on a new server and see if that helps.

I use use both getipintel and voxprox works great with my setup.