[SOLVED] Flagged as Malware Site jquery-1.4.4.min.js jquery.easing.1.3.js +

[PrestaHeroes USA]

I was informed via email from google webmaster tools that one of our sites contained malware.

 

good lawd.

 

So I went and took a loom and found these files changed. Note: folder permissions 755 and file permissions 644. The files were changed on July 6th and the log files for that date have gone missing.

 

folder js/jquery

jquery-1.4.4.min.js

jquery.easing.1.3.js

 

and

 

folder js

tools.js

 

I replaced these files and google seems happy now.

 

If anyone else has seen this sort of problem and can shed light on how to avoid this...I'd much appreciate it.

[PrestaHeroes USA]

Note: I also applied (it doesn't pay to be lazy) the php cgi security fix posted by Carl and found here:

http://www.prestashop.com/forums/forum-11/announcement-39-read-carefully-security-procedure-php-cgi/

[Mike Kranzler]

Hi elpatron,

Please change your FTP password immediately. This isn't a PrestaShop-specific issue as the FTP client is usually the point of entry in these sorts of situations, so the best thing you can do is sever any remaining access by changing the password as soon as you can.

 

-Mike

[PrestaHeroes USA]

Hi elpatron,

Please change your FTP password immediately. This isn't a PrestaShop-specific issue as the FTP client is usually the point of entry in these sorts of situations, so the best thing you can do is sever any remaining access by changing the password as soon as you can.

 

-Mike

 

Done, thanks Mike.

[Mike Kranzler]

I'm glad I could help! Happy selling!

 

-Mike

[PrestaHeroes USA]

Hi Mike,

 

The very same exact thing happened again. Can you remove the solved bit.

 

1.4.6.2

[Mike Kranzler]

Hi Mike,

 

The very same exact thing happened again. Can you remove the solved bit.

 

1.4.6.2

 

Done, and I have a developer looking into this a little further for you.

 

-Mike

[PrestaHeroes USA]

Hi Mike, my previous (last post) was probably more in exasperation. I'm one to think everyone is good until they prove otherwise...in this case I'd like to rattle the teeth of people who actually do this sort of thing. But there is no one more at fault than myself. I was not conscious that my firewall (windows and mcafee) had been disabled. My windows update no longer functions at BITS is gone.

 

Let this be a lesson to me and anyone else that gets complacent, keep an eye our your local computer security as there are some very creepy people out there who rather than produce something tangible would rather steal from others.

 

I am sure many do not keep a local synced copy of their remote cms's...I finally cured my problem (fingers crossed) by downloading the site, then my 'new' security software found what my eye could not, other .js files changed including my module/blockcart file ajax-cart and a third party menu .js file. Note none of my local machine site was infected.

 

I reloaded what I missed and now seems (again fingers crossed) that all is well other than my faith in parts of humanity.

[Mike Kranzler]

Great, thank you for the update, and I'm glad you were able to find a solution! Would you like for this to be re-marked as solved? I'll leave it up to you this time.

 

-Mike

[PrestaHeroes USA]

Hi Mike, Thanks for your time and contributions...yes, please marked as solved.

[Mike Kranzler]

It's my pleasure. Happy selling!

 

-Mike