El Patron Posted July 11, 2012 Share Posted July 11, 2012 I was informed via email from google webmaster tools that one of our sites contained malware. good lawd. So I went and took a loom and found these files changed. Note: folder permissions 755 and file permissions 644. The files were changed on July 6th and the log files for that date have gone missing. folder js/jquery jquery-1.4.4.min.js jquery.easing.1.3.js and folder js tools.js I replaced these files and google seems happy now. If anyone else has seen this sort of problem and can shed light on how to avoid this...I'd much appreciate it. Link to comment Share on other sites More sharing options...
El Patron Posted July 11, 2012 Author Share Posted July 11, 2012 Note: I also applied (it doesn't pay to be lazy) the php cgi security fix posted by Carl and found here: http://www.prestashop.com/forums/forum-11/announcement-39-read-carefully-security-procedure-php-cgi/ Link to comment Share on other sites More sharing options...
Mike Kranzler Posted July 11, 2012 Share Posted July 11, 2012 Hi elpatron, Please change your FTP password immediately. This isn't a PrestaShop-specific issue as the FTP client is usually the point of entry in these sorts of situations, so the best thing you can do is sever any remaining access by changing the password as soon as you can. -Mike 1 Link to comment Share on other sites More sharing options...
El Patron Posted July 11, 2012 Author Share Posted July 11, 2012 Hi elpatron, Please change your FTP password immediately. This isn't a PrestaShop-specific issue as the FTP client is usually the point of entry in these sorts of situations, so the best thing you can do is sever any remaining access by changing the password as soon as you can. -Mike Done, thanks Mike. Link to comment Share on other sites More sharing options...
Mike Kranzler Posted July 11, 2012 Share Posted July 11, 2012 I'm glad I could help! Happy selling! -Mike Link to comment Share on other sites More sharing options...
El Patron Posted July 13, 2012 Author Share Posted July 13, 2012 Hi Mike, The very same exact thing happened again. Can you remove the solved bit. 1.4.6.2 Link to comment Share on other sites More sharing options...
Mike Kranzler Posted July 16, 2012 Share Posted July 16, 2012 Hi Mike, The very same exact thing happened again. Can you remove the solved bit. 1.4.6.2 Done, and I have a developer looking into this a little further for you. -Mike Link to comment Share on other sites More sharing options...
El Patron Posted July 16, 2012 Author Share Posted July 16, 2012 Hi Mike, my previous (last post) was probably more in exasperation. I'm one to think everyone is good until they prove otherwise...in this case I'd like to rattle the teeth of people who actually do this sort of thing. But there is no one more at fault than myself. I was not conscious that my firewall (windows and mcafee) had been disabled. My windows update no longer functions at BITS is gone. Let this be a lesson to me and anyone else that gets complacent, keep an eye our your local computer security as there are some very creepy people out there who rather than produce something tangible would rather steal from others. I am sure many do not keep a local synced copy of their remote cms's...I finally cured my problem (fingers crossed) by downloading the site, then my 'new' security software found what my eye could not, other .js files changed including my module/blockcart file ajax-cart and a third party menu .js file. Note none of my local machine site was infected. I reloaded what I missed and now seems (again fingers crossed) that all is well other than my faith in parts of humanity. Link to comment Share on other sites More sharing options...
Mike Kranzler Posted July 16, 2012 Share Posted July 16, 2012 Great, thank you for the update, and I'm glad you were able to find a solution! Would you like for this to be re-marked as solved? I'll leave it up to you this time. -Mike Link to comment Share on other sites More sharing options...
El Patron Posted July 16, 2012 Author Share Posted July 16, 2012 Hi Mike, Thanks for your time and contributions...yes, please marked as solved. Link to comment Share on other sites More sharing options...
Mike Kranzler Posted July 16, 2012 Share Posted July 16, 2012 It's my pleasure. Happy selling! -Mike Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now