Jay-H1 Posted July 10, 2016 Share Posted July 10, 2016 Hello, I have an e-shop on www.direlo.cz with Warehouse theme and some modules and website was hacked. When it happened first time, I just overwrite hacked index.php with original from Prestashop downloaded pack and everything was fixed. Now it happened second time. When I overwrite the index.php, I get an error that index.php cannot stream from config/config.inc.php. (the file was missing). When I uploaded the config file from Prestashop pack, I have an error: "install" directory is missing. Do you have some tips what I should do? Thank you. Link to comment Share on other sites More sharing options...
exadra37 Posted July 10, 2016 Share Posted July 10, 2016 You need to fix your Warehouse theme by following the instructions provided by the Warehouse team in their email for all the buyers of their themes, as per https://drive.google.com/file/d/0B6yfaCTJqFdeYldDNmg0d0Iwd1U/view To restore your configuration file you need a copy from the old one, the one uploaded from Prestashop pack will trigger to install the Prestashop again. The hacker may have already downloaded all your database, therefore you must reset all your users passwords and alert the users to change their passwords everywhere they use the same email combination used in your store. Also your store may have hidden scripts all in several places, once the exploit used by the hackers for the Warehouse them allow them to upload any kind of file to your hosting account and take full control of it. They can delete all the content of your store if they want. Look for a script called indoxploit.php or similar in the root of your store... this script when visited in the browser will give a control panel for the hacker to control your store. If i was you i would restore your store from a clean backup. 1 Link to comment Share on other sites More sharing options...
Jay-H1 Posted July 10, 2016 Author Share Posted July 10, 2016 I made the hotfix, and I don't see any suspicious files. I think, that it should be ok. Problem is, that I don't have a clean backup:( Only one I have is this hacked one, and I need to get over the problem with "install directory is missing". When I deleted the config file, I have the different error, as you can see now on direlo.cz. Link to comment Share on other sites More sharing options...
exadra37 Posted July 10, 2016 Share Posted July 10, 2016 If have been hacked a second time is clear that you continue to be vulnerable to the exploit, maybe because the hacker have now a back door installed in some place of your store. You can fix your site as many times you want that you will continue to be hacked until you clean your store. Please provide the Prestashop version if you want that people can help you more efficiently. Link to comment Share on other sites More sharing options...
Jay-H1 Posted July 12, 2016 Author Share Posted July 12, 2016 I dont know how to get the version, because I cannot log in to the backoffice:( When I take the possibility, that I lost all the work I spent on customization, is it enough to export xml database to get all orders, customers, products. etc? Link to comment Share on other sites More sharing options...
musicmaster Posted July 12, 2016 Share Posted July 12, 2016 You can see your version in config/Settings.inc.php. You might consider copy_shopdata to transfer your data: https://www.prestashop.com/forums/topic/445453-copy-shopdata-script-for-copying-shop-content-for-upgrade/ Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now