SriramKP Posted March 9, 2015

Hi,

My Prestashop site got hacked. We have deployed our online store on Amazon Web Services (free account). I am not able to upload the images, and every time I try to upload the products a new EC2 instance is getting created. Previously I was not able to upload the products with images; now every time I upload, a new EC2 instance is getting created.

I guess the hack could be from semalt. We identified the semalt link (semalt.semalt.com) from Back Office -> Stats -> Visitors origin and we used our website URL in the semalt website. I guess they might have identified my Admin URL from my client machine and accessed the admin folder around 80 times and hacked.

Kindly help me in following the precautions and securing my Prestashop site.

Best Regards,

doekia Posted March 9, 2015 (edited)

- Change your backoffice URL, add an .htaccess to protect the backoffice directory with an Apache authentication
- Change your Prestashop employees' passwords
- Sniff / analyse all files for backdoors (including images)
- Inspect employees' profiles

SriramKP (Author) Posted March 9, 2015

Hi Doekia,

Thanks a lot for your suggestions. We already added an .htaccess file to protect the backoffice directory with an Apache authentication. Do we need to take any other precautions? Do we have any tools for analysing the files for backdoors? Could you please let me know how to inspect employees' profiles?

Best Regards,

doekia Posted March 9, 2015 (edited)

You need to do all of the mentioned actions.

Employee profiles: force them to change the pass, remove suspicious ones, ensure emails are safe.

A htpasswd on the admin folder cannot protect you forever, and since a backdoor could have been implemented it may serve no purpose until you get rid of them.

Analysis of files is mainly manual, painful and time consuming. grep could help, assuming you have console (ssh) access, but doing the thing manually helps figuring out patterns to look at.

So no, no tools, and you better avoid any. It is a brain fight, better come with yours or ... surrender
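
As an added illustration of the grep-assisted file review discussed in this thread (not posted by any participant; the patterns, function names, script name and sample tree are assumptions), a first-pass sweep that only produces a list of files to read by hand:

```shell
#!/usr/bin/env bash
# Added example (not from the thread): first-pass sweep of a shop's web root.
# Patterns, names and the sample tree are assumptions; every hit needs manual review.
export LC_ALL=C   # byte-wise matching, so binary image data does not confuse grep

# Image files containing a PHP open tag; an image should never carry code.
php_in_images() {
    find "$1" -type f \( -iname '*.jpg' -o -iname '*.jpeg' -o -iname '*.png' \
        -o -iname '*.gif' -o -iname '*.ico' \) \
        -exec grep -l -i -F -e '<?php' {} + 2>/dev/null | sort
}

# PHP files calling functions often seen in obfuscated loaders. Legitimate code
# uses some of them too, so this is a reading list, not a verdict.
obfuscated_php() {
    find "$1" -type f -iname '*.php' -exec grep -l -i -E \
        '(eval|base64_decode|gzinflate|str_rot13)[[:space:]]*\(' {} + 2>/dev/null | sort
}

# Files changed in the last N days (default 7), to compare with known deploys.
recently_changed() {
    find "$1" -type f -mtime "-${2:-7}" | sort
}

# Constructed sample tree so the sweep can be tried offline.
make_sample_tree() {
    sample_dir=$(mktemp -d)
    mkdir -p "$sample_dir/img/p" "$sample_dir/classes"
    printf 'GIF89a<?php /* constructed marker, no payload */ ?>' > "$sample_dir/img/p/1.gif"
    printf 'GIF89a\001\002\003' > "$sample_dir/img/p/2.gif"
    printf '<?php echo "hello";\n' > "$sample_dir/classes/Clean.php"
    printf '<?php eval (base64_decode($blob));\n' > "$sample_dir/classes/Odd.php"
    touch -t 201501010000 "$sample_dir/classes/Clean.php"   # simulate an old file
    echo "$sample_dir"
}

# Usage: bash sweep.sh /path/to/webroot [days]   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    echo "== PHP inside image files ==";           php_in_images "$1"
    echo "== PHP with obfuscation-style calls =="; obfuscated_php "$1"
    echo "== Changed in last ${2:-7} days ==";     recently_changed "$1" "${2:-7}"
fi
```

Comparing the web root against a clean copy of the same Prestashop release narrows the reading list further, since stock files that match these patterns will be identical in both trees.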