I am sharing hosting space with a friend of mine. We both use Opencart 220.127.116.11. Last week I had some strange pop up whenever I went to use my admin panel asking for billing information (see attached image). Last night it was brought to my attention that his site is getting the same pop up when a user goes to view a category. I have done some discovery with Fiddler but can not really come up with anything substantial. If anyone has any ideas we both would greatly appreciate the input.
Thanks in advance!
For Sale: Turnkey URLs with Opencart installed
Present Opencart LIGHT Testsite: http://www.velomech.ch
Attacker IP Blocks are denied from further access to my Sites!
Just contact me for more Information at: firstname.lastname@example.org
730+ FREE OC Extension-Repositories - from OC v.1.5.x up
on the largest Opencart-Mod Github Site: https://github.com/IP-CAM
Change your hosting passwords including all FTP accounts that may have been created.
Change the OpenCart database user password (remember to update the two config.php files with the new password).
Check the files or your server have not been modified or new files added by comparing against a clean download of your version of OpenCart and any modifications.
Check your database for any injected code.
Lookup through your servers web access log for anything suspicious that may help you find where they are getting in.
Check the OpenCart error logs for anything suspicious.
Check for any additional admin accounts (and maybe name from the default of "admin" or better still create a new admin account and give full permission and then delete the default account).
Check your database can only be accessed from the relevant IP addresses.
Switch off displaying of errors in OpenCart on on your hosting (this has to be done in the admin and the config files in version 3).
I've seen sites attacked through week or stolen FTP passwords, vulnerabilities in extensions, ect.
Users browsing this forum: No registered users and 2 guests