Anyone know a CS.Cart hacker using email address hackergood93@gmail.com

My CS.Cart website has been hacked and a lot of damage done to my business from a hacker using the email address hackergood93@gmail.com



Does anyone know this guy and can help me deal with him? He is very good at what he does, so I am not his first job, that is for sure.

He seems to be Russian and works with cart websites, and it seems that besides CS.Cart he is into Magento and may live in Germany.



Thank you, and please help if you can. I am in a corner here and losing a business that took me many years to get going, and I rely on it to care for my family.



Steve

Did you share your FTP logins or cPanel pass?



Scan your PC with a good antivirus.

I have had a lot of failed logins recently from Frankfurt in Germany.



I assume you have blocked the IP addresses being used at server level via blacklist or csf.



John

I would use SFTP and set the server to only allow this type of login. You could also change the default port number from 22 to some other random number like 2416 (make a note of it). When you connect in future via SFTP, you would use this port number.



This will just make it a little more difficult and time-consuming, as the port number would have to be found by scanning.

Can someone tell me the relationship between a “hacker” using an email address and FTP?

If someone were using FTP to maliciously hack someone's site, why would they leave their email address as a signature?

Or did I miss something along the way here…?



The OP has not posted enough info about the nature of “the hack” for anyone to make recommendations on solutions. While the above SFTP suggestions are good practices, I don't know that it would help with their problem. More info is needed.

I was thinking the same thing. If a hacker is smart enough to hack into your site, do you think he'd be stupid enough to leave an email address, a correct IP address and the place where he lives?



Even I can hide these with 1 click of a button.

[quote name='Flow' timestamp='1366534144' post='160337']

I was thinking the same thing. If a hacker is smart enough to hack into your site, do you think he'd be stupid enough to leave an email address, a correct IP address and the place where he lives?



Even I can hide these with 1 click of a button.

[/quote]



Yes, that makes sense, but I have learned that a great many hackers love to brag, and this hacker is at the top of the list; he is very proud of his work.



He sent me an email patting himself on the back and even giving a few details on how he was able to hack my sites and steal all of my downloadable products from my filesharing service, and how much he now enjoys owning them.



Then he offered to sell me a “hack proof” Magento website! Maybe a Gmail account can be traced, I do not know, but I am following all leads and he left many of them.

[quote name='Flow' timestamp='1366534144' post='160337']

I was thinking the same thing. If a hacker is smart enough to hack into your site, do you think he'd be stupid enough to leave an email address, a correct IP address and the place where he lives?



Even I can hide these with 1 click of a button.

[/quote]



I never said he left an IP address.



I figure that for him to track down where my data is stored, he had to have bought something from me. I lined up a sale that was very strange, and it was made just before the break-in, and I am guessing it is him.



Also, I have tracked him down using his email address to a couple of blogs and learned a few things.



I realize there is a good chance someone here can help me if I give more details, but I have shared all I can without showing the hacker all my cards.

Since he seems to prey on CS-Cart websites, I am sure he keeps an eye on this forum.



Change your passwords and change them often.

Being a little naive in this area, this thread makes me wonder. Aside from:


  1. Changing the admin.php address to something more obscure.
  2. Having a bulletproof password.
  3. Changing passwords if it's ever necessary to give a trusted third party temporary access…



what other steps can one take to secure one's site?

The biggest thing is to change the default file and directory permissions in config.local.php to something more appropriate to your hosting site. Normally this would be 644 and 755 (or even 600 and 700). But this is dependent on the “mode” your site runs PHP in.



Most of my clients run PHP in “suPHP” mode and then the file/directory permissions become 644/755, with the ownership of files and directories being the cPanel account name. The document root directory (usually /home//public_html) should be owned by the cPanel user but have group ownership of “nobody” for Apache-based web servers. The document root should also be mode 750.



It's all simple, but yet complex if you don't know what your site does under the covers…
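Added example, not part of the original thread: a shell audit that checks a document root against the modes named in the post above (files 644, directories 755, document root 750). It assumes GNU find and stat; `audit_perms` and `make_sample_tree` are hypothetical helper names, the sample tree is constructed for illustration, and ownership (cPanel user, group “nobody”) is not checked.

```shell
#!/bin/sh
# Prints one line per finding; returns 0 if clean, 1 if anything was found.
audit_perms() {
    docroot=$1
    if [ ! -d "$docroot" ]; then
        echo "ERROR not a directory: $docroot" >&2
        return 2
    fi
    findings=$(
        # Files looser than 644: any execute bit, or group/other write.
        find "$docroot" -type f -perm /133 -printf 'FILE %m %p\n'
        # Directories looser than 755: group or other write.
        find "$docroot" -mindepth 1 -type d -perm /022 -printf 'DIR %m %p\n'
        # The document root itself should be exactly 750.
        mode=$(stat -c %a "$docroot")
        if [ "$mode" != 750 ]; then
            printf 'ROOT %s %s\n' "$mode" "$docroot"
        fi
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample tree: one world-writable file and one 777 directory.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir "$t/public_html" "$t/public_html/images" "$t/public_html/var"
    touch "$t/public_html/index.php" "$t/public_html/config.local.php"
    chmod 644 "$t/public_html/index.php"
    chmod 666 "$t/public_html/config.local.php"
    chmod 755 "$t/public_html/images"
    chmod 777 "$t/public_html/var"
    chmod 750 "$t/public_html"
    echo "$t/public_html"
}

# Usage: sh audit_perms.sh /path/to/document/root
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
fi
```

Each output line gives the kind of object, its current octal mode and its path, so the list can be reviewed before any chmod is applied.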

I need help ASAP; things have really gone bad. I will pay someone who knows what they are doing. Please contact me if you are ready to help right now: 904-685-2137