Back in december there was an exploit in the mailerphp file which was mentioned on here.
We had changed the files after being exploited. Supposedly every thing was clean.
Today we saw someone break in an place a small paypal order and then delete it. We checked the logs and below were what he went through. His IP was 192.160.102.164 which we blocked .
We renamed our admin which is why i let it be seen below.
I noticed the public_html/sph.php? file as something i hadent seen before.
I was going to check what was in it and just as mysteriously it was gone.
Im not sure how they got in as im the only one with admin prviledges or knows any of the passwords.
I changed cpanl, root,, admin passwords in the meantime.
Also i had hosting company look into it and they said this file was comprmised.
/home/justcommon/public_html/addons/data_feeds/controllers/admin/exim.php
They changed the permissions to 000 for it.
I am currently on 2.0.12
HOw do i find replace contents of that file with the original.
Also should i bring thi up in the help desk.
Odd thing is im the one where cusomters couldnt pay with paypal and the helpdesk
said my paypal..php was missing some lines and sent me the original file.
Paypal started working since then but then this just happened few days later.
Anyone
<div>/addons/data_feeds/controllers/admin/exim.php?g</div>
<div>/addons/data_feeds/controllers/admin/exim.php?g</div>
<div>/</div>
<div>/skins/default_blue/customer/print.css</div>
<div>/js/ajax.js</div>
<div>/skins/default_blue/customer/styles.css</div>
<div>/js/core.js</div>
<div>/skins/default_blue/customer/dropdown.css</div>
<div>/lib/jquery/jquery.js</div>
<div>/skins/default_blue/customer/images/icons/favicon.ico</div>
<div>/index.php</div>
<div>/addons/reward_points/js/func.js</div>
<div>/skins/default_blue/customer/styles.base.css</div>
<div>/skins/default_blue/customer/images/icons/icon_delete_small.gif</div>
<div>/skins/default_blue/customer/images/icons/filled_cart_icon.gif</div>
<div>/skins/default_blue/customer/images/icons/filled_cart_list_icon.gif</div>
<div>/skins/default_blue/customer/images/justcommonscom.gif</div>
<div>/skins/default_blue/customer/images/icons/go.gif</div>
<div>/skins/default_blue/customer/images/top_tools_delim.gif</div>
<div>/skins/default_blue/customer/images/top_menu_delim.gif</div>
<div>/images/banner/paymethodsaccepted.jpg</div>
<div>/skins/default_blue/customer/images/icons/cart_arrow.gif</div>
<div>/skins/default_blue/customer/images/sidebox_delim.gif</div>
<div>/skins/default_blue/customer/images/sb_title_bg.gif</div>
<div>/index.php?dispatch=statistics.collect</div>
<div>/index.php?dispatch=categories.view&category_id=6168</div>
<div>/skins/default_blue/customer/images/icons/sort_asc.gif</div>
<div>/skins/default_blue/customer/images/icons/breadcrumbs_arrow.gif</div>
<div>/skins/default_blue/customer/images/icons/icon_close.gif</div>
<div>/js/exceptions.js</div>
<div>/images/no_image.gif</div>
<div>/index.php?dispatch=statistics.collect</div>
<div>/addons/data_feeds/controllers/admin/exim.php?g</div>
<div>/addons/data_feeds/controllers/admin/exim.php?g</div>
<div>/sph.php?mode=login</div>
<div>/admin5511.php</div>
<div>/index.php?dispatch=categories.view&category_id=4742</div>
<div>/index.php?dispatch=statistics.collect</div>
<div>/index.php?dispatch=checkout.cart</div>
<div>/index.php?dispatch=checkout.checkout</div>
<p> </p>