Hacked - Need Help Urgently


Guest on_way_to_fame

Hi,

I urgently need some help. I was running CC 3.0.6 and it looks like my admin panel has been hacked. My front end is running fine, but when I go to my admin URL, I see some message in another language with the word hack in it, and then it redirects to some other site. I would really appreciate it if someone could suggest what would be the best course of action.

P.S. I can log into the admin panel if I put mysite/admin/somefolder name, so it doesn't look like a serious problem?

Update: I deleted an HTML index file which was uploaded to my server, and the redirect seems to have been fixed. I can't really see any other potential threats now and I want to proceed to updating the forum now. But before I update my CC, is there anything else that I need to do?

Any help would be most appreciated.

Thanks

Ash


Guest Brivtech

- Did you keep a backup? If so, restore it. If not:

- Upload the Admin files back onto your web server.

- Upgrade to the latest software

- Change all your passwords - FTP, CubeCart, and SQL.

- Check your system for spyware or viruses. The site that you are being redirected to could have something nasty that you don't see.

- Never give anyone your password, if you have to for support help, change it immediately afterwards.

That's the general advice we always give out.


Guest estelle

I would recommend the following...

1. Make backups of the following (save to your local computer)...

- Database

- includes/global.inc.php

- Your skin

- All images

- Your homepage content (language/en/lang.inc.php)

2. Move aside your existing store. e.g. rename "store" directory to "backup"

3. Install files from the latest CC version (but don't run the installation script)...

- Create your directory again, e.g. "store"

- Upload all files to this directory

- Do *not* run the installation script again (i.e. where you enter admin details, database details, etc.)

4. Restore configuration and content files...

- Upload your includes/global.inc.php file

- Upload your skin files

- Upload your homepage content (language/en/lang.inc.php) - Now load your homepage. If you see a completely blank page - don't fret. Follow the instructions below to upload your skin.

- Upload your images

- Your store should now be set up and fully functional, except that mods will need to be reinstalled.

5. And as Brivtech suggested... change all passwords!


Guest on_way_to_fame

Hi, thanks for all the help.

Estelle,

I followed your steps and managed to update successfully from 3.0.6 to 2.0.10. I just had a few concerns and would be thankful if you could clarify.

As you advised, I replaced the old language/en/lang.inc.php file from .6 with the one in .10. Would it affect the update in any way, i.e. is there a possibility there might have been an update in this file and hence I need to update it manually?

In the same way, I replaced my .6 images folder with the one in .10, hence were there any updates in this folder?

Also, in my old images folder, I saw a file called post_parser.php in the images/uploads/thumbs folder. It wasn't there in the images folder of the new CC, hence I was just wondering if this file actually belongs there?

Thanks

Ash


Guest estelle

Ash, oops, that was a small mistake.

Please use the *new* language/en/lang.inc.php, but use the *old* language/en/home.inc.php ! :)

This file post_parser.php shouldn't be there. Which is why I recommended that you move your old store aside, and start with fresh files. So as long as you did this it will have cleaned out any files that may have been created by hackers and/or viruses.

(If you had instead uploaded fresh files over the top of your existing store, this would not remove any new files that may have been created by hackers)

Let me know if you have any other questions :)

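The point about stray files such as post_parser.php, as an added example that is not part of the original thread: a shell sketch that lists files present only in the moved-aside store and flags server-side scripts under the images directory. The directory names backup and store follow the posts above; the function names and the sample trees are constructed for illustration.

```shell
#!/bin/sh
# Added example. "backup" = moved-aside old store, "store" = fresh release files,
# as in the steps above; the sample trees built in make_sample are constructed.

# Files that exist in the old tree but not in the clean release: either your
# own content (skin, images) or something an intruder left behind.
only_in_old() {
    a=$(mktemp) b=$(mktemp)
    (cd "$1" && find . -type f | LC_ALL=C sort) > "$a"
    (cd "$2" && find . -type f | LC_ALL=C sort) > "$b"
    LC_ALL=C comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Server-side scripts or .htaccess overrides inside a directory that should
# hold only images. A match is not proof of compromise, but each one needs
# an explanation before the file is copied into the new store.
scripts_in_content_dir() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -name '.htaccess' \) | LC_ALL=C sort
}

# Constructed sample: a clean tree and an old tree with one unexpected script.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/store/images/uploads/thumbs" "$root/store/admin" \
             "$root/backup/images/uploads/thumbs" "$root/backup/admin"
    for t in store backup; do
        echo '<?php // admin' > "$root/$t/admin/index.php"
        echo 'gif' > "$root/$t/images/logo.gif"
    done
    echo 'jpg' > "$root/backup/images/uploads/thumbs/product1.jpg"
    echo '<?php // unknown' > "$root/backup/images/uploads/thumbs/post_parser.php"
    echo "$root"
}

sample=$(make_sample)
echo "Only in old store:";     only_in_old "$sample/backup" "$sample/store"
echo "Scripts under images/:"; scripts_in_content_dir "$sample/backup/images"
rm -rf "$sample"
```

Run the second check on the old images folder before uploading it into the fresh install, since restoring that folder wholesale would carry any planted script back in.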

Guest saturnnights

I'm curious - is this an issue with the web host itself, or CubeCart? I had a personal website hacked a few years ago and called my host and they told me that it was a security issue on their side and they said that they'd fix it immediately. They also restored my site from the previous day's backup on their end.

Other than keeping current with the latest version of CubeCart, how can we prevent this? Or is it just the way things are on the internet?

Mark


Guest groovejuice

One thing that has been recommended in the past is to turn register globals off in htaccess. If you do a search for 'register globals' you'll find instructions on how to do so depending on the level of access your host allows.


Guest estelle

There were security issues in 3.0.6 and all previous versions. These were patched successfully in 3.0.7-p1. There may even have been a few smaller security fixes in later versions.

If you're not a regular on the forums, the main thing to do is have your forum profile set up to allow important email notifications. That way you will be notified by email of any releases which fix major security issues.


