Site was hacked with KodiL dQ99sHeLL

My site was hacked and they uploaded a php file to my catalog directory. The hacked page is titled: KodiL dQ99sHeLL v3.02 29.01-2009

This allowed them to browse all the files and open the config.php file. Then they changed the user passwords.

I was running 1.3.5 and now have installed the newest version. I don’t know if this was specific to version 1.3.5, but they have destroyed my site by doing this.


I have seen several posts for hacks. This is very serious. There should be an investigation by cs-cart developers to determine if there are flaws in the software or if the problem is at the hosting site or from a person ftp’ing up files from a local computer. There was one posted where code was inserted into a cc file that sent credit card info to a yahoo account.


You need to change all passwords for everything. Most importantly, change your FTP account username/password, and change database names, usernames, passwords. Then wipe the entire site through FTP and reinstall a fresh copy. It’s possible the original database is still fine; most likely it’s only the files on the server infected. In addition, make sure you have your virus protection up to date and do not store your username/password in your FTP program, as this is most likely how they gained access.
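Added example, not part of any post in this thread: before wiping the files, comparing the live tree against a freshly unpacked copy of the same release shows which files were uploaded (like the PHP file in the catalog directory) or altered (like the injected code mentioned above). The function names, directory layout and sample file names below are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def tree_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes

def compare_to_clean(live_root, clean_root):
    """Return (added, modified, missing) relative paths, each sorted."""
    live, clean = tree_hashes(live_root), tree_hashes(clean_root)
    added = sorted(p for p in live if p not in clean)
    modified = sorted(p for p in live if p in clean and live[p] != clean[p])
    missing = sorted(p for p in clean if p not in live)
    return added, modified, missing

def build_demo(base):
    """Constructed sample trees: a clean copy and a tampered live copy."""
    files_clean = {"index.php": b"<?php // storefront\n",
                   "config.php": b"<?php // settings\n",
                   "payments/cc.php": b"<?php // card form\n"}
    files_live = dict(files_clean)
    files_live["payments/cc.php"] += b"// constructed: injected line\n"
    files_live["catalog/shell.php"] = b"<?php // constructed: uploaded file\n"
    for sub, files in (("clean", files_clean), ("live", files_live)):
        for rel, data in files.items():
            path = os.path.join(base, sub, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
    return os.path.join(base, "live"), os.path.join(base, "clean")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live, clean = build_demo(tmp)
        added, modified, missing = compare_to_clean(live, clean)
        print("added:", added)
        print("modified:", modified)
        print("missing:", missing)
```

On a real store, files that legitimately differ from the release (the edited config file, uploaded product images, cache) will also be listed, so the output is a list to review rather than a verdict.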

I had my web hosting company set up a new account and I installed version 2.0.9. I had to upload the categories & products and changed all the other configurations manually. Tried using the upgrade, but it failed. Now I need to go back and customize the look again.

Every account has a new username and password.

Golfcart, I just replied to your other thread …

However, after seeing what you posted in this thread, I strongly advise your web hosting provider contact me immediately!

They may be in worse shape and more serious danger than they realize!