May Have Been Hacked

Something looked suspicious today and

checked my files changes detector and

saw files changed in

addon>paypal>func.php file

Dont think i ever made any changes there.

Is there anyone who know where i can get copy of the original file of that so i can compare them.

Im currently using 4.6.3

Thanks in advance

Try to find clean installation package, unpack it and compare files content. Sometimes CS-Cart marks unmodified files as modified

Their comparison is horrible! I.e. if you open a file and it's on a Linux system, the line endings may change or the newline at the end of file is added and they see it as a modification. The proper way to do it is to strip all whitespace from the files before you compare. During upgrade, I always have conflicts for stuff in var/langs or the composer control files even though none of those files have ever been touched.

Giving misleading conflict info obstructs valid conflict info with noise. Hate to say it, but our EZ Admin Helper 'monitor files' functionality is much better. Tells you what's been modified, new or removed.

Why is the snapshot file constantly updated? It should be directly related to an upgrade, not updated on the fly.

Their comparison is horrible! I.e. if you open a file and it's on a Linux system, the line endings may change or the newline at the end of file is added and they see it as a modification. The proper way to do it is to strip all whitespace from the files before you compare. During upgrade, I always have conflicts for stuff in var/langs or the composer control files even though none of those files have ever been touched.

Giving misleading conflict info obstructs valid conflict info with noise. Hate to say it, but our EZ Admin Helper 'monitor files' functionality is much better. Tells you what's been modified, new or removed.

Why is the snapshot file constantly updated? It should be directly related to an upgrade, not updated on the fly.

If you open file on windows, it does change the line endings yes. On linux, certainly not. Furthermore, if you use version control, it will always enforce unix style line endings, which is what CS-Cart uses. So you are definitely doing something wrong if the hash does not match.

I never open a file from Windoz.

I review files in 'vi' on Linux and do NOT save the files. Example: right now it shows app/Tygh/Database/Mysqli.php as being changed. It has never been modified, but it has been opened for viewing. And the upgrade always shows conflicts for var/langs but none of those are ever modified by me either.