can't login (Empty file AdminLoginController.php)

[Radek100]

Hi,

 

I am using Prestashop version 1.6.1.4. and it happened that I can't login into BO (once a week). If this happened I go to FTP and the file AdminLoginController.php is always empty 0 kb size. So I replace it by original file - then works everything ok.

 

I already tried to change password to FTP - (there were some weird files on FTP which I deleted - all of them) and I also changed access to BO and login folder on FTP. But these changes haven't helped. AdminLoginController.php was empty again today.

 

It looks like someone can get to FTP files but only I have regular access. Do anybody have some suggestions?

 

Thank you so much in advance!

 

[mircomx]

Im having the same issue, the file keeps getting hacked for some reason. I removed and replaced all malicious files with a fresh installed files. Changed all my passwords as well. 

Edited August 10, 2017 by mircomx (see edit history)

[Scully]

Your must consider your database and ALL passwords and all system data as compromised. All passwords includes:

 

- customer passwords

- administrator user passwords

- database credentials (username, password)

- email adresses

- your salt to hash the passwords

- your email / smtp passwords

- eventually even FTP or SSH login credentials

 

If you only restore your PrestaShop from a backup, you will get hacked again and again. Updating your shop might help - together with changing all password related data. I would also change the mail address I use as administrator.

 

One of the major culprits in terms of getting hacked are file upload mechansms which are used to inject code (instead of uploading images) to your server. However, there are also many other ways. There are also a number of known modules which security flaws. Look here:

 

https://www.prestashop.com/forums/topic/544579-major-security-issues-with-few-modules-and-themes/

Edited August 10, 2017 by Scully (see edit history)

[Scully]

By the way, it is not obvious that the overwritten file points to new hackings. It is possible that some code still remains in your systems and is executed from time to time. One could use cron (but unlikely) but rather functions which are modified but not executed on a daily basis. But when executed, the infection spreads again.

 

Recently I have seen injeted code where the PayPal Module has partially been overwritten. To hide the change, the injected code set back the modification timestamp to the time prestashop was initially installed. This made it hard to figure out file changes by timestamp. At the end there was only the solution for a complete new setup with new release and a fresh installation.