OpenCart Community

OC Version 3.0.3.2

Hello, just recently my AVG antivirus has been detecting a virus/malware or other threat when I navigate the pages of my oc website except the admin section. Does anyone know what this could be? Is it possible my site has been hacked or could this be a virus on my computer? I have run a deep scan and cannot find any issues locally so my next guess is the server. Screenshot is below.



Thanks in advance for any help.

My web inspector shows the following error:

Failed to load resource: the server responded with a status of 403 (Malicious content) So this confirms the problem is within the opencart files. Any ideas what this is and how I can remove it from my website. Also, any ideas how this could have been uploaded to my site? Thanks.

jrunique wrote: ↑

Tue Nov 10, 2020 6:43 pm

My web inspector shows the following error:

Failed to load resource: the server responded with a status of 403 (Malicious content)

Code: Select all

https://tags-manager.com/gtags/script2?utm_referer=?utm_source=&utm_content=&utm_referer=www.mywebsite.com

So this confirms the problem is within the opencart files. Any ideas what this is and how I can remove it from my website. Also, any ideas how this could have been uploaded to my site? Thanks.

Run Virus Scanner from your C Panel.

Thanks for the reply. I cannot see a virus scanner in cPanel, however my host was able to find a couple of malicious files in my opencart shop and they have quarantined these. Unfortunately my AVG virus scanner is still flagging problems when I visit my site so the problem is not completely fixed.

If you have dedicated server and access to your WHM root you can enable Virus Scanner for your Cpanel.
As for AVG clear your browser cache and cookies then try again opening site.

Unfortunately, I downgraded from dedicated to shared hosting so I no longer have WHM access, I will ask my host to enable it.

I cleared all cookies and cache and restarted my browser, however AVG is still detecting the code.

I have a one month old local backup of all server files so I moved the current public_html files to quarantine and uploaded the backup files to the server. I cleared cookies and cache again and opened the website, unfortunately AVG still picked up the same code. Maybe my site was infected on an earlier date and somehow recently activated (if that's possible?) or the code has been planted elsewhere on the server?

Have you modified the above code?
It is look like google tag manager. Do run few test. Check your website header/footer file and look for GTM code remove it and then save the file and then upload back to server. Clear your browser cache and make sure clear server cache and refresh the OC Modifications.

See. viewtopic.php?f=181&t=220885#p804670

Removing the code is just the first step. You need to work out how the code was added in the first place. If it's a modified file check your FTP access logs first.

Cwatch found the infection in my database TABLE `oc_setting` A code had been placed within the google analytics code.

I don't have access to ftp logs in cPanel so I will ask my host to check.

I have had work done on my site in the past and had to share login details, I should have changed all passwords immediately after giving access to my site files.

Cwatch found the infection in my database TABLE `oc_setting`

That is a good news indeed!

A code had been placed within the google analytics code.

As suggested above to start with.

I don't have access to ftp logs in cPanel so I will ask my host to check.

You can always create ftp account from cpanel.

But your issue is Database so use myPhpAdmin to check your database.

I have had work done on my site in the past and had to share login details, I should have changed all passwords immediately after giving access to my site files.

That is the always first thing to do. When work has completed.

khnaz35 wrote: ↑

Fri Nov 13, 2020 11:58 am

I don't have access to ftp logs in cPanel so I will ask my host to check.

You can always create ftp account from cpanel.

Or, the user can check directly into the File Manager console of his cPanel since the user uses cPanel.

straightlight wrote: ↑

Fri Nov 13, 2020 12:41 pm

Or, the user can check directly into the File Manager console of his cPanel since the user uses cPanel.

Yep true

khnaz35 wrote: ↑

Fri Nov 13, 2020 11:58 am

A code had been placed within the google analytics code.

As suggested above to start with.

Yes, you were right, thanks for the suggestion. The only problem was I was looking in the wrong place e.g. header/footer files rather than the database.

straightlight wrote: ↑

Fri Nov 13, 2020 12:41 pm

Or, the user can check directly into the File Manager console of his cPanel since the user uses cPanel.

Thanks for the suggestion.

jrunique wrote: ↑

Fri Nov 13, 2020 11:19 am

Cwatch found the infection in my database TABLE `oc_setting` A code had been placed within the google analytics code.

I don't have access to ftp logs in cPanel so I will ask my host to check.

I have had work done on my site in the past and had to share login details, I should have changed all passwords immediately after giving access to my site files.

As a previous 'partner' of Comodo and cWatch, I would suggest not using their service. You will have way more issues with your Opencart stores and their cleanup service is not adequate at all. We worked with them for over 3 years, from the time they got started with cWatch and it wasn't a great experience. I'm not going to try to promote the new service we offer or any other malware cleanup service but I do want to suggest staying away from Comodo cWatch.