Hacked Prestashop 1.4.7

[Alvaro Tarela]

We have an old store with Prestashop 1.4 has been hacked , but can not find where or how to disinfect .

The problem is that if "www.shopdoaim.com viagra" is searched in Google , it shows a lot of results like this:

www.shopdomain.com/index.php?page=viagra-25-mg

 

By clicking the link, the site is redirected to a completely different store, but retains the URL. The fact is that it loads to http://bestbuypharm.com/ while retaining the URL of my store .

I do not know how the hack works, or how it works /index.php?page=xxx in the Prestashop.

I have looked everywhere things like code, decode, base64 , iframe , .htaccess , past antivirus , etc. But nothins appaers and I don't know where to look .

Request help, please.

 

 

[selectshop.at]

• First of all: upgrades are there for to clean possible hack possibilities.
• Second thing: don't use free modules. These could be contain malicious code.
• Third thing to avoid hacks: install SSL-Certificate.
• Fourth: change your passwords from time to time, especially if you outsourced adaptations on your shop.

 

How to get your store back: make a role back of your store to the time it was working without any problems. You should have a secured copy of it (or your provider). After this, deinstall all what you have running on free modules. Change all your passwords (database, FTP, etc.). Take into consideration to make an upgrade of your shop to latest Prestashop version.

[PrestaHeroes USA]

o change all ftp account and hosting passwords.

o get a fresh copy of files for your current version.  This can be used to replace native files.

https://www.prestashop.com/en/developers-versions#previous-version

 

0 make sure you have current up to date anti-virus, bitdefender for example

 

o now you want a copy of shop files on local computer, a folder

1) use ftp and download all files with ftp program filezila  

or 2) from hosting control create zip of shop  files, download and unzip into folder

 

now you can run antivirus against these files.

 

tips: most often hacks are caused by:

compromised ftp credentials

typicalliy a .js file that changes another file (via ftp look at /js file dates to see if anything changed recently.

incorrect file permissions 755 Folder 644 Files

incorrect file group owner, normally owner = domain 

 

Good luck.