My site was infected by 3c9.ru

Lol!!! :d:d

My site just got hacked and I’ve just found out a bit more than 1 hour ago. Any idea what I should do now? It’s lucky that my site is not going live yet.



Thanks.



rommy

[quote name=‘rommy’]My site just got hacked and I’ve just found out a bit more than 1 hour ago. Any idea what I should do now? It’s lucky that my site is not going live yet.



Thanks.



rommy[/QUOTE]

#1) Immediately change all your FTP passwords and your main cpanel passwords

#2) Overwrite all the changed files on your webserver with the original CS-Cart files

#3) I would say update your virus software but so far 2 people had to re-format their computers including me, I was able to back up all data first, I didn’t lose anything but a lot of time.

#4) Yes it’s that bad.

#5) DO NOT ever let FTP passwords be remembered by the FTP software ever again.

#6) DO NOT access the site again through the internet until you have re-uploaded and overwritten all files or you’ll get the virus again.

#7) If you need help let us know.

[quote name=‘snorocket’]#1) Immediately change all your FTP passwords and your main cpanel passwords

#2) Overwrite all the changed files on your webserver with the original CS-Cart files

#3) I would say update your virus software but so far 2 people had to re-format their computers including me, I was able to back up all data first, I didn’t lose anything but a lot of time.

#4) Yes it’s that bad.

#5) DO NOT ever let FTP passwords be remembered by the FTP software ever again.

#6) DO NOT access the site again through the internet until you have re-uploaded and overwritten all files or you’ll get the virus again.

#7) If you need help let us know.[/QUOTE]



Thank you for all your information. I’ve done all of these. I found out that in every single folder on my public_html, there is a file called “core.php”. When I tried to open this file directly in Dreamweaver, my antivirus picked it up as a virus.



Do you think this is because of cs-cart bad code or because of my hosting provider?



Thanks again.



rommy

Dammit, it seems like my site is being hacked again. Currently, the import and export pages have been defaced.

Well I obviously don’t want to get this on my computer or site so I have a couple of questions.



First, I run Comodo Internet Security on my computers. What is your guys’ opinion on this? I’ve been happy so far, but I would like to know what you think.



Second, I have deleted all the passwords for my ftp access on my ftp programs. I haven’t deleted the site information on Dreamweaver. Should I?



Does this virus just affect ftp software and sites, and should I do anything different than what I have already done?



I host with CyberLNC. Scott seems to be pretty up on security, is there anything I should ask him to do to help prevent me getting this. I know that Jesse does stuff with them so I would guess that he has already dealt with this, but I figured I would ask.



Thanks for your time,



Brandon

[quote name=‘rommy’]Thank you for all your information. I’ve done all of these. I found out that in every single folder on my public_html, there is a file called “core.php”. When I tried to open this file directly in Dreamweaver, my antivirus picked it up as a virus.



Do you think this is because of cs-cart bad code or because of my hosting provider?



Thanks again.



rommy[/QUOTE]

If possible I would seriously just wipe out all the files and upload new ones, you basically can’t do this until you have an infection free computer, you can’t access the site from a non-infected computer because it will get the virus as well. I was able to change the passwords and upload the new files with my infected computer, then I took the computer offline, unplugged the ethernet cable, the virus wreaked havoc to such an extent I had to re-format the hard drive, I saved all my files, and wiped it clean, took 8hrs to re-install the operating system, runs like new now. Like I mentioned above, I changed all FTP passwords including the main account password, clear all password caches from everywhere including IE and FF, don’t let anything ever remember your passwords.



While I was re-installing the operating system I updated another computer with the latest virus protection and overwrote all files again just to be on the safe side, everything has been fine now.

[quote name=‘brandonvd’]First, I run Comodo Internet Security on my computers. What is your guys’ opinion on this? I’ve been happy so far, but I would like to know what you think[/QUOTE]

I have Trend Micro Internet Security Pro, however I didn’t keep it updated for the 3 days prior to the attack because it bogs my computer down and makes it hard to navigate, out of all the times I do this it would have to happen. I don’t know that I can blame it on the virus software as I did not keep it up to date as I should have, I will give Trend another chance and won’t let it happen again.

Anyone discussing buying antivirus software, I am the right person for this work because I am an authorized distributor of antivirus companies like Bitdefender, Symantec, Kaspersky etc. :wink:

Hey Sno,


[QUOTE]I didn’t keep it updated for the 3 days prior to the attack because it bogs my computer down[/QUOTE]



This is just one of the two very important reasons that you seriously need to install and try out Eset Nod32 antivirus !! (The other reason is because it is the most effective AV software on the market, bar none.)



You will not believe how efficient the scan engine is & will not even know when it is scanning…Sno, if you never listen to another thing I say, at least give this a shot! :smiley:

I’ve scanned my computer twice and there is no issue with my computer. This is so bloody annoying. This time, my site got the import & export pages in the control panel defaced. This makes me think the issue is coming more from cs-cart, and I’ve notified both cs-cart and my hosting provider about this, hope that they will fix this soon.

[quote name=‘Stuck’]Hey Sno,

This is just one of the two very important reasons that you seriously need to install and try out Eset Nod32 antivirus !! (The other reason is because it is the most effective AV software on the market, bar none.)



You will not believe how efficient the scan engine is & will not even know when it is scanning…Sno, if you never listen to another thing I say, at least give this a shot! :D[/quote]



Sno,



Install the whole suite while you are at it - complete with firewall etc.



It runs quietly in the background nothing like most others.



You will thank us later.

FIREWALL





THEN





ANTIVIRUS



… It’s so easy :smiley:

This is so annoying. I gave out my ftp access to cs-cart staff and all 3 times I got a virus after that. The first 2, my site also got hacked and yesterday, after providing the ftp access again, my host sent me an alert of “Excessive Resource Usage” because of the stupid core.php file which is also a virus that I got in the past.



Since I renewed my support service, I got nothing but trouble, this pisses me off badly.

You need to change all the usernames and passwords on all your ftp accounts and you need to make sure you do not save the passwords in your ftp program, second the virus is on your computer, not the server, you need to get rid of the virus on your computer, so far everyone who has got this virus has had to reformat their hard drive to wipe the virus out, after that you can then upload, overwrite the infected files on your web server via ftp, do not visit your website after you wipe your computer, if anything have your host take the site down, yes it’s that bad, have fun…

I don’t have this virus, the one I have is different one and my computers are all clean

[quote name=‘snorocket’]anyone else’s store get hit?



seems weird that 2 of our CS 2.06 sites got hacked, none of the 1.3.5+ were touched, and none of the other 20+ dir’s were touched, tells me the virus specifically went after CS 2.0+[/QUOTE]



Yep. A 2.0.7 install of mine got hit yesterday. I use Kaspersky/CuteFTP but I’m not convinced that was the route in as Kaspersky stops everything dead in its tracks. A 2.0.8 install for another client wasn’t hit despite the password being saved in Cute.



All passwords changed just to be on the safe side…

I have made a suggestion in the bug tracker that they include this code as some sort of addon that can be enabled …





[url]http://badmalweb.com/bad-mal-web-extracts/bad-mal-web-extracts/injection-hack-detection-method---php-code.html[/url]





When enabled it would back up all the critical files and from then on do a compare to see if it’s changed when a user visits that page.



It could be incorporated into the template editor also so that when you make changes there the backup files are updated …



May help many sites…



Just an idea!

Here’s a very simple but effective script I discovered that can track changes to any file in the root directory - www.sitewarder.com



It won’t stop the hackers but at least if you do get hacked, and a root file, like index.php, has been changed, then at least you get a quick heads up notification via email that something has changed.



Hope it helps.

Did you buy and install sitewarder? Is it working?