Dear,
I’ve found this code in Cscart V4.0.3 :
/8866c2/ document.write(“</” + “script>”); //8866c2/
Do you know what is it?
File has been hacked?
Regards
In which file was this found? I have found no trace of that code at all in the distributed 4.0.3 package. The site itself has the Google “this site may harm your computer” warning, therefore I would assume your site has somehow been hacked.
Dear,
See enclosed file.
I've changed FTP access code and username, and upload fresh files.
Do you think I must change database code, or anything else?
Regards
You cannot be certain where and how this has been added to your site, therefore it would be prudent to change all passwords - web hosting, CS-Cart admin panel, FTP, database, etc.
Personally I would wipe the server clean and start from scratch with a clean install of CS-Cart, as you have no idea if there is anything else that has been infected or hacked in your hosting area.
Dear
Ok thank you i will change all passwords.
Regards
Dear,
Can you say me exactly what i must change after changing these codes please? web hosting, CS-Cart admin panel, FTP, database
Regards
As far as CS-Cart files are concerned, you will only need to update the settings for the database login credentials in config.local.php. There should not be any changes required to the database itself.
Dear,
Thank you very much.
Regards