Site hacked

Hi guys,



Just had a rogue file uploaded to:

/public_html/cs-cart/controllers/admin/



Can someone please direct me to a post of document that oulines what permissions CS Cart dir’s should be set to to stop this happenning?



I have renamed admin, reset my Cpanel password, reset user account passwords. What else can be done to stop this?

check your apache log, to see with wich components the hacker upload file, wich files uploaded it ? give the extension name !

Hello Adammc,



We are sorry to hear that you experience such a problem.



In order to learn more information about permissions on CS-Cart files, please refer to this article in our Knowledge Base: [url]CS-Cart Documentation — CS-Cart 4.15.x documentation



If you noticed some suspicious files on your server, please do the following:


  • Install a good anti-virus system (if you do not have any) and check your computer, delete all viruses and trojan programs
  • Change all access information to your sites (FTP, Cpanel)
  • Remove unnecessary files.





    Anastasiya Kozlova

    CS-Cart Support team

Hi, thanks for the reply,



I was after more info on the exact recomendadations for CS-carts folder/file permissions. Is there a KB doc that tells me what for example to set the ‘var’ folder or the skins folders ?

[quote name=‘creativeuser’]check your apache log, to see with wich components the hacker upload file, wich files uploaded it ? give the extension name ![/QUOTE]



May 26 11:09:10 sphere-dse pure-ftpd: ( [NOTICE] /home/username//public_html/cs-cart/controllers/admin/prison.php uploaded (10868 bytes, 1.79KB/sec)



This was the only thing on my hosts logs…

Find the IP in the log in cs-cart statistic to see which page the hacker see

Thank you for the reply, Adamcc.



Yes, this article provides a detailed instruction on permissions on CS-Cart files:



Most of the CS-Cart files should have the 644 permissions, and all directories must be set to 755. The var, images, skins and catalog directories and all their subdirectories and files should have the 777 permissions. This is required to allow CS-Cart to upload files to these directories for routine operations. As regards the config.local.php file, it must have the 666 permissions (in the installed CS-Cart).





Anastasiya Kozlova

CS-Cart Support team

[quote name=‘CS-Cart Support team’]Thank you for the reply, Adamcc.



Yes, this article provides a detailed instruction on permissions on CS-Cart files:



Most of the CS-Cart files should have the 644 permissions, and all directories must be set to 755. The var, images, skins and catalog directories and all their subdirectories and files should have the 777 permissions. This is required to allow CS-Cart to upload files to these directories for routine operations. As regards the config.local.php file, it must have the 666 permissions (in the installed CS-Cart).





Anastasiya Kozlova

CS-Cart Support team[/QUOTE]





Hi, but doesnt setting those dirs on 777 allow hackers to upload whatever they want?

[quote name=‘creativeuser’]Find the IP in the log in cs-cart statistic to see which page the hacker see[/QUOTE]



They didnt access my site to upload the file, there are no other IPS aside from mine! ???

If you unable to find the log, ask your web hosting provider to provide you the full log of this week.



Second, scan you PC with good antivirus may be bitdefender online scanner may be help you…