Error: 'install' directory is missing

[Jay-H1]

Hello, I have an e-shop on www.direlo.cz with Warehouse theme and some modules and website was hacked. When it happened first time, I just overwrite hacked index.php with original from Prestashop downloaded pack and everything was fixed. Now it happened second time. When I overwrite the index.php, I get an error that index.php cannot stream from config/config.inc.php. (the file was missing). When I uploaded the config file from Prestashop pack, I have an error: "install" directory is missing. Do you have some tips what I should do? Thank you.

[exadra37]

You need to fix your Warehouse theme by following the instructions provided by the Warehouse team in their email for all the buyers of their themes, as per https://drive.google.com/file/d/0B6yfaCTJqFdeYldDNmg0d0Iwd1U/view

 

To restore your configuration file you need a copy  from the old one, the one uploaded from Prestashop pack will trigger to install the  Prestashop again.

 

The hacker may have already downloaded all your database,  therefore you must reset all your users passwords and alert the users to change their passwords everywhere they use the same email combination used in your store.

 

Also your store may have hidden scripts all in several places, once the exploit used by the hackers for the Warehouse them allow them to upload any kind of file to your hosting account and take full control of it.

 

They can delete all the content of your store if they want.

 

Look for a script called indoxploit.php or similar in the root of your store... this script when visited in the browser will give a control panel for the hacker to control your store.

 

 

 

If i was you i would restore your store from a clean backup.

[Jay-H1]

I made the hotfix, and I don't see any suspicious files. I think, that it should be ok. Problem is, that I don't have a clean backup:( Only one I have is this hacked one, and I need to get over the problem with "install directory is missing". When I deleted the config file, I have the different error, as you can see now on direlo.cz.

[exadra37]

If have been hacked a second time is clear that you continue to be vulnerable to the exploit, maybe because the hacker have now a back door installed in some place of your store.

 

You can fix your site as many times you want that you will continue to be hacked until you clean your store.

 

Please provide the Prestashop version if you want that people can help you more efficiently.

[Jay-H1]

I dont know how to get the version, because I cannot log in to the backoffice:( When I take the possibility, that I lost all the work I spent on customization, is it enough to export xml database to get all orders, customers, products. etc?

[musicmaster]

You can see your version in config/Settings.inc.php.

 

You might consider copy_shopdata to transfer your data:

https://www.prestashop.com/forums/topic/445453-copy-shopdata-script-for-copying-shop-content-for-upgrade/