Wan Hanif Posted April 25, 2018 Share Posted April 25, 2018 This file have been hacked. What i need to do to recover my website? FILE HIT LIST: {HEX}gzbase64.inject.unclassed.15 : /home/customf1/public_html/controllers/front/html.php {HEX}base64.inject.unclassed.7 : /home/customf1/public_html/classes/helper/..../upil.php.php {YARA}AJAX_FileUpload_webshell : /home/customf1/public_html/lama/psadmin/ajaxfilemanager/jscripts/ajaxfilemanager_c.js {YARA}eval_post : /home/customf1/public_html/tools/readmes.php {HEX}base64.inject.unclassed.7 : /home/customf1/public_html/banner.php {YARA}md5_3ccdd51fe616c08daafd601589182d38 : /home/customf1/public_html/modules/blockfacebook/index.php {HEX}php.cmdshell.c99.228 : /home/customf1/public_html/modules/homepageadvertise2/slides/hous-1-2-3.php {HEX}php.cmdshell.c99.228 : /home/customf1/public_html/modules/homepageadvertise2/slides/hous-1.php {HEX}php.cmdshell.c99.228 : /home/customf1/public_html/modules/homepageadvertise2/slides/hous-1-2-3-4-5.php {HEX}php.generic.uploader.449 : /home/customf1/public_html/modules/homepageadvertise2/slides/upil-1-2-3-4.php {HEX}base64.inject.unclassed.7 : /home/customf1/public_html/modules/homepageadvertise2/slides/upil.php {HEX}php.cmdshell.c99.228 : /home/customf1/public_html/modules/homepageadvertise2/slides/hous-1-2-3-4-5-6-7.php {HEX}php.cmdshell.c99.228 : /home/customf1/public_html/modules/homepageadvertise2/slides/hous-1-2.php {HEX}php.cmdshell.c99.228 : /home/customf1/public_html/modules/homepageadvertise2/slides/hous-1-2-3-4-5-6.php {HEX}base64.inject.unclassed.7 : /home/customf1/public_html/modules/homepageadvertise2/slides/upil-1-2.php {HEX}base64.inject.unclassed.7 : /home/customf1/public_html/modules/homepageadvertise2/slides/upil-1.php Link to comment Share on other sites More sharing options...
selectshop.at Posted April 25, 2018 Share Posted April 25, 2018 Which Prestashop version ? Seems your extra modules in use are having a security issue. Homepageadvertise is not a part of Prestashop core. Perhaps you are using a theme which have this module included. In this case you should ask for support of themedeveloper (or module developer). For to recover your site you need to have a back-up of your FTP. If you don't have a recent back-up of it, ask your provider if he can recover the ftp for you. Simply upload to ftp all folders and files again, by replacing the one you are having now. Furthermore you need to close the security lack on the module homepageadvertise. These files you should delete, as they are not part of Prestashop core and added by hacker: /controllers/front/html.php /classes/helper/..../upil.php.php /lama/psadmin/ajaxfilemanager/jscripts/ajaxfilemanager_c.js /tools/readmes.php /banner.php /modules/blockfacebook/index.php Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now