Found suspected URLs on my store. Help needed please!

[newbie2PS]

Dear all,

 

Recently, I checked my stat in BO thoroughly and found that since June 19, 2013 I found strange URLs on my prestashop store until today (attached 2 photos and yellow highlighted on suspected URLs). I guess the URLs might harm my site and I'm not sure if sometimes my store cannot be loaded because of the URLs or not.

 

So I contacted my hosting, it said I need to install some mulware module or something to protect my store. Also, I need to find the suspected URLs and clean them all by myself. However, I'm just a regular user who doesn't know about programming, server or others and I'm very new to prestashop. I have never submitted my URLs to any site yet because it's still under configuring and adding products process. What I've done is posting some questions in this and 2-3 forums about configuring websites and sometimes I posted my store URL.

 

Now, I'm wondering whether I got the suspected URLs from where? Or my hosting is not secure? Or what should I do to solve the problem. I'm using prestashop 1.5.4. I'm very afraid that my store might be shut down by those URLs.

 

Another observation from me, since the strange URLs got to my store, it seems that the numbers of direct links are very high. Comparing from first installation of prestashop on 2013.03.04 to 2013.06.18 (about 3 months) "Direct Links: 1427" and 2013.06.19 "Direct Links: 3481", it's almost double from 3 months of my store visits! I'm not sure if it's relevant?

 

One more thing, I received a message from my hosting about changing the port number on June 27 and the strange URLs first came on my store website on June 19. I'm not sure if it's relevant as well but my hosting did not mention that it's because of the hosting.

 

Now, I would like some suggestions from professionals here whether should I do to solve this problem and the reason of attacking. I'm planning to promote my website in the beginning of next month but I'm kind of afraid of putting my store url at other sites. I'm not sure what to do now.

Could some one help me please? Or there is any similar case on the previous post? I've tried to search but cannot find ones yet.

 

PS I typed my store url on the 2nd attached file (fromJuly23-26)

 

Thank you very very much. I very much appreciated all your replys in advance.

Sorry for my poor English.

[PrestaHeroes USA]

Please review this post:

http://www.prestashop.com/forums/topic/264340-tip-site-hacked-first-steps-to-recovery/

 

Please keep issue posts here on this thread.

[newbie2PS]

Dear El Patron,

 

Thank you very much for your information and the solution to deal with it. I already changed the ftp password and I'll try all steps. I wonder if there is any protection solution for the store?

 

Best Regards,

Edited July 31, 2013 by newbie2PS (see edit history)

[PrestaHeroes USA]

Dear US Moderators,

 

Thank you very much for your information and the solution to deal with it. I already changed the ftp password and I'll try all steps. I wonder if there is any protection solution for the store?

 

Best Regards,

 

let us know how it goes for you....

 

did google report your site as hacked? either through webmaster tools or when you visited the site?

[newbie2PS]

I don't see Google report about hacking both ways. My friend just browsed my site and he said his Norton software did not report any risks. When I have any progree, I'll let you know again. Thanks!

[newbie2PS]

Dear El Patron,

 

I've done downloaded all the files from ftp and used the trial version of bitdefender to scan virus of all files and found no threads.

However, my friend suggested me to use http://www.safer-net...ng.org/private/ to scan the files. But I'm not sure if I know how to use it or not first time I selected all. It took a long time and not all files being successfully scanned and later on my computer cannot boost so I tried to reinstall the program. After that I used it to scan folder by folder but it seemed not working during scanning the 2nd or 3rd time. I'm not sure. So I stopped using it.

 

I therefore came up with a solution to use a new hosting and reinstall prestashop 1.5.4. I import the current database from current hosting. And I try to use the edited files from my own backups but I might have to compare the rest files from ftp backed up on June 17th before found the bost in "Stat Visitor Origin" on June 19th. Nevertheless, after installation the prestashop and importing the database also uploading some files on my computer to ftp, I found that some ip in "Stat Visitor Online" and check them on http://www.ipchecking.com/. It said some of them are

 

Suspicious / Bot, Comment Spammer

or

Problem hostnames/domains (could cause email problems.)

Note:These entries are for URLs or email domains, the IPs that may show up as 'spamvertised' only indicate where the URL/Host was seen being sent from. Listings for IPs that are 'spamvertised' will not usually cause blocking problems unless the email contains the IP address as a URL

or listed in CBL

 

I'm not sure if I can trust the bot information from the website or not. I think I'll try to do some methods from this post

http://www.prestasho...hop-shops-safe/ on the current prestashop and see what else I can do more.

 

If you have any further suggestions, please kindly let me know. I very appreciate your time to help me. Thank you very much!!!

 

Best Regards,

Edited July 31, 2013 by newbie2PS (see edit history)

[newbie2PS]

Dear El Patron,

 

I think there is possibility that I will set my site at the new hosting. I just found out after reading this article about securing ecommerce site from http://blog.dh42.com/best-e-commerce-security/. I think a part of the unsecurity might come from my current hosting. Though, I'm not really sure about that. For now, I think I'll try if I can set up everything at the new hosting to make sure that my store will be secured as much as possible.

 

Best Regards,