ravvo03 Posted October 13, 2016 Share Posted October 13, 2016 Hi to all, my site was hacked first time in july, with warehouse theme vulnerability. I have fixed it deleted all modules vulnerable but not update my theme (version 3.2). After other attacks, i see that also prestashop version was not update and i also fix it. Now every modules are updated and prestashop version is 1.6.1.7, but EVERY day i found files uploaded from unknow people. How can i detect where is the bug or backdoor that they use ? Thanks for all helps site: cutmoney.it Link to comment Share on other sites More sharing options...
BlekZ Posted October 13, 2016 Share Posted October 13, 2016 Hi, explain your system. It's an hosting? VPS? OS Linux/windows? Link to comment Share on other sites More sharing options...
ravvo03 Posted October 13, 2016 Author Share Posted October 13, 2016 Hosting shared with Linux OS Link to comment Share on other sites More sharing options...
ravvo03 Posted October 17, 2016 Author Share Posted October 17, 2016 Up! Link to comment Share on other sites More sharing options...
ravvo03 Posted October 19, 2016 Author Share Posted October 19, 2016 Up! Link to comment Share on other sites More sharing options...
Nick57 Posted October 22, 2016 Share Posted October 22, 2016 If they are still uploading files, then check your FTP log and access logs, it might be that they use ftp. Another possibility is they use http upload from a file in a folder, the images folders are a nice place to hide such php scripts... In your situation I would advice to change ALL passwords, your control panel mail boxes just everything! Then scan all your PC/Laptop for virusses, trojans and other nasty bits and bytes, Bitdefender free antivirus and Malwarebytes are a good start. Also compare the files on the server with a new clean install on another folder, Filezilla has a nice feature to compare folders, so you can easy see the differences. If all fails then just wipes everything and install the shop again, but please do check your database for weird urls, as some hackers are very clever. Good luck. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now