Page 1 of 1
Someone inserted spammy paragraph into one the categories description
Posted: Thu Jan 10, 2019 3:37 pm
by masterkenobi
Hi,
My store is using Version 2.3.0.2 and I just found out one my categories description has been modified to include a spammy paragraph about casinos. Weird thing is only one category is affected out hundreds of categories I have. I suspect the hacker gained access to one of the user's account to make the changes. However, I need to confirm that by analyzing the activity log of each users. May I know where can I find such log in Opencart?
Re: Someone inserted spammy paragraph into one the categories description
Posted: Thu Jan 10, 2019 3:59 pm
by OSWorX
OpenCart store activities only for Customers - and that setting has to be enabled first.
User (= backend) activities are never stored.
On the other side, customers do not have access to any backend functionality, and you should know your (backend) users and who is allowed what to do.
Re: Someone inserted spammy paragraph into one the categories description
Posted: Thu Jan 10, 2019 4:13 pm
by masterkenobi
OSWorX wrote: ↑Thu Jan 10, 2019 3:59 pm
OpenCart store activities only for Customers - and that setting has to be enabled first.
User (= backend) activities are never stored.
On the other side, customers do not have access to any backend functionality, and you should know your (backend) users and who is allowed what to do.
I have few users and I was hoping to confirm the hack by tracing the activity for each users. I wonder why OC doesn't log users activities? This should come handy in cases like this.
Re: Someone inserted spammy paragraph into one the categories description
Posted: Thu Jan 10, 2019 7:37 pm
by ADD Creative
You could look in your web access logs. Look for access to your admin login and then the item that was modified. You may not be able to work out which user account was used, but could confirm how the spam was added.
Change all your passwords if you haven't already.
There were reports of the same thing happening a while back with the problem possibly being a flaw in the theme being used.
Re: Someone inserted spammy paragraph into one the categories description
Posted: Sun Jan 13, 2019 6:41 am
by victorj
I use piwik now matomo to monitor my website traffic, beside that i also have a seperate piwik install that only i can access that logs all admin activities.
Comes in very handy to monitor all admin activities
Re: Someone inserted spammy paragraph into one the categories description
Posted: Wed Jan 23, 2019 5:18 pm
by marianoitaliano
Your problem can be very serious because it will most probably it will:
- destroy your SERP
- happen again if you will not find the source
I would suggest making general checkup but also contact your hosting provider. In the worst scenarios, malicious code can be even installed on your server.
Re: Someone inserted spammy paragraph into one the categories description
Posted: Wed Jan 23, 2019 7:46 pm
by johnp
Put Crawlprotect on. It helps stop hacks and SQL injections.