Prestashop HACKED

[ravvo03]

Hi to all,

my site was hacked first time in july, with warehouse theme vulnerability. I have fixed it deleted all modules vulnerable but not update my theme (version 3.2). After other attacks, i see that also prestashop version was not update and i also fix it.

Now every modules are updated and prestashop version is 1.6.1.7, but EVERY day i found files uploaded from unknow people. How can i detect where is the bug or backdoor that they use ?

Thanks for all helps

 

site: cutmoney.it

[BlekZ]

Hi,

explain your system.

It's an hosting? VPS? OS Linux/windows?

[ravvo03]

Hosting shared with Linux OS

[ravvo03]

Up!

[ravvo03]

Up!

[Nick57]

If they are still uploading files, then check your FTP log and access logs, it might be that they use ftp.

Another possibility is they use http upload from a file in a folder, the images folders are a nice place to hide such php scripts...

 

In your situation I would advice to change ALL passwords, your control panel mail boxes just everything!

Then scan all your PC/Laptop for virusses, trojans and other nasty bits and bytes, Bitdefender free antivirus and Malwarebytes are a good start.

 

Also compare the files on the server with a new clean install on another folder, Filezilla has a nice feature to compare folders, so you can easy see the differences.

 

If all fails then just wipes everything and install the shop again, but please do check your database for weird urls, as some hackers are very clever.

 

Good luck.