Site Hacked Help Needed

Hello CS-Cart community members, I need urgent help. My site has been hacked and was checked by CS-Cart. Anyway, CS-Cart fixed what they found, but today I went to work and found an email that there was an order on the site, so I logged into my admin panel and the order was not there; it had been deleted. Anyway, 2 days earlier I had three orders from the same customer. I noticed that the phone number was wrong, so I deleted the orders, but later that day that customer rang me and told me he didn't place the orders, so then I was concerned. I contacted CS-Cart, but no one has contacted me back. In the meantime, as I said, this morning I checked my admin panel and that order was deleted, and to my surprise it was the same customer's account that was used. Can anyone please help me? I have done all the security stuff that CS-Cart has told me to do: I changed the admin URL and changed all passwords to everything, and they are still hacking the site. I need help, please. Can anyone fix these issues? Please message me. I will pay. Thanks in advance.

Hi Geronimo1,

Did you get any help from CSCart support?

What version are you running?

The problem may be more a server security issue.

Is Mod_security enabled on your server?



One of our customers' websites experiences random reports from customers that their CC details have been stolen shortly after purchasing from their site, even though they use the PayPal CC method, which is supposed to be very secure.

I'd be interested to hear how you went.

Cheers

I had these same problems and a lot more. I spent a year fighting hackers, and finally I ended up doing a fresh install on a clean server and then paying for an expensive firewall service, plus I block several countries now.

There are 2 or 3 common hacks to cs-cart. The intrusion for all but one is usually outside cs-cart. I.e. it is not a flaw in cs-cart that allowed the intrusion. If you are on V4.1 or beyond then that vulnerability has been resolved and if earlier, you would have received an email for how to shut it down.



Most intrusions are from WordPress or other 3rd party software installed in the same document root as your store. Until you can find the source of the intrusion, you will just be continually patching the symptom.



It is pretty straightforward to find existing hacks into your store. However, to find the source of the intrusion can be a long and labor intensive process. Contact us via the “get a quote” link in the signature and we can do an assessment of your installation if you can provide us the needed access to do so.

Back up, back up, back up…

I make 2 a day but do 1 at least per day so you will not lose orders while you pinpoint the problem.

[quote name='flasher' timestamp='1414720714' post='195760']

Back up, back up, back up…

I make 2 a day but do 1 at least per day so you will not lose orders while you pinpoint the problem.

[/quote]



Backups and updates ;)

Just be sure you're not backing up and restoring an already infected site. Best way to avoid this is to use our EZ Admin addon and monitor file changes daily.
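
The daily file-change check suggested in this thread, sketched as an added example (not part of the original posts and not the EZ Admin addon's code): it hashes every file under a document root and compares the result with an earlier baseline, which also shows whether a backup differs from a known-good copy. The function names, the `skip_dirs` parameter and the sample tree are hypothetical and constructed for illustration.

```python
import hashlib
import os
import tempfile

def _rel(path, root):
    return os.path.relpath(path, root).replace(os.sep, "/")

def build_manifest(root, skip_dirs=()):
    """Map each file (path relative to root) to its SHA-256; skip_dirs are pruned."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames
                       if _rel(os.path.join(dirpath, d), root) not in skip_dirs]
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # do not follow links out of the document root
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[_rel(path, root)] = digest.hexdigest()
    return manifest

def diff_manifests(baseline, current):
    """Report files added, removed, or changed since the baseline."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
    }

def _write(root, rel, body):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(body)

def demo():
    """Constructed sample tree: take a baseline, change files, compare."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("index.php", "app/old.php", "images/logo.png", "cache/tmp.dat"):
            _write(root, rel, "original")
        baseline = build_manifest(root, skip_dirs=("cache",))
        _write(root, "index.php", "original + appended code")  # modified
        _write(root, "images/thumb.php", "unexpected script")  # added
        _write(root, "cache/tmp.dat", "churn")                 # ignored (skipped dir)
        os.remove(os.path.join(root, "app/old.php"))           # removed
        return diff_manifests(baseline, build_manifest(root, skip_dirs=("cache",)))
```

Keep the baseline manifest somewhere the web server account cannot write to, otherwise whoever alters the files can alter the baseline too.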