Website hacked, please help. :(


Guest gothgrrl

Hi there,

I hope you can help me. I noticed an intruder had logged into my Admin panel, so quickly changed passwords etc and checked my files. My virus checker picked up on a couple of 'Shell99' trojan files and deleted them (my hosting company says no files have been altered, which obviously isn't true), but I've also noticed that when placing an order (I use Mals-E) a new credit card form appears before the usual genuine one.

I re-installed my transfer.inc file, but now my Mals-E won't work properly (after going to payment it says there's no items in my basket and doesn't re-direct to my store anymore.) Can anyone help? I'm leaving for holiday tomorrow and am frantic that I might not have a business to come back to if I don't get to the bottom of what's happened. :(

Thanks. :)


Have you applied any mods to the site?

Run a full back-up and download to your home PC. Run a virus scan (remember to update your AV definitions).

Disable the SEO mod (if you have it applied)

If your site is not modified, then;

save /includes/global.inc.php

Check /images/uploads and ensure it only contains image files (and a single .html file)

Check /images/uploads/thumbs and ensure it only contains image files (and a single .html file)

Check /language/en and ensure it only contains:

config.inc.php

flag.gif

home.inc.php

lang.inc.php

Providing the store is unmodified, then you can delete ALL other folders and files.

So, leave;

includes/global.inc.php (or re-upload later)

/images/uploads/

/images/uploads/thumbs/

Then, download the latest Cubecart V3 and upload the CONTENTS of the "upload" folder to your site.

If your original version was old, you may need to run the database upgrade script.

Once this is done, copy the global.inc.php file from your PC to the site.

Jason
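
The directory checks listed in the post above, as an added Python example that is not part of the original thread or of CubeCart. The names `audit_store` and `demo`, the list of image extensions and the sample tree are assumptions made for illustration; the check that a file with an image extension really starts with JPEG, GIF or PNG header bytes goes one step beyond the post, since a script can be uploaded under an image name.

```python
import tempfile
from pathlib import Path

# Assumption: extensions treated as "image files"; the post does not list them.
IMAGE_EXTS = {".jpg", ".jpeg", ".gif", ".png"}
# Leading bytes of genuine JPEG, GIF and PNG files.
IMAGE_MAGIC = (b"\xff\xd8\xff", b"GIF87a", b"GIF89a", b"\x89PNG\r\n\x1a\n")
UPLOAD_DIRS = ("images/uploads", "images/uploads/thumbs")
# The four files the post lists for /language/en.
LANG_EN_ALLOWED = {"config.inc.php", "flag.gif", "home.inc.php", "lang.inc.php"}

def audit_store(root):
    """Return sorted (relative_path, reason) findings for the store tree at root."""
    findings = []
    for rel in UPLOAD_DIRS:
        html_seen = 0
        for p in sorted(Path(root, rel).iterdir()):
            ext, reason = p.suffix.lower(), None
            if p.is_dir():
                expected = (rel, p.name) == (UPLOAD_DIRS[0], "thumbs")
                reason = None if expected else "unexpected directory"
            elif ext == ".html":
                html_seen += 1  # the post allows a single .html file per folder
                reason = "extra .html file" if html_seen > 1 else None
            elif ext not in IMAGE_EXTS:
                reason = "not an image file"
            elif not p.read_bytes()[:8].startswith(IMAGE_MAGIC):
                reason = "image extension but non-image content"
            if reason:
                findings.append((f"{rel}/{p.name}", reason))
    for p in sorted(Path(root, "language/en").iterdir()):
        if p.name not in LANG_EN_ALLOWED:
            findings.append((f"language/en/{p.name}", "unexpected file"))
    return sorted(findings)

def demo():
    """Audit a constructed sample tree (all file names and contents are made up)."""
    files = {
        "images/uploads/index.html": b"",
        "images/uploads/shirt.jpg": b"\xff\xd8\xff\xe0constructed",
        "images/uploads/x.php": b"constructed placeholder",
        "images/uploads/thumbs/thumb_shirt.gif": b"constructed, not GIF data",
        "language/en/notes.txt": b"constructed",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return audit_store(root)
```

Run `audit_store` against the downloaded backup copy of the site rather than the live server, so the findings can be reviewed before anything is deleted.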


Guest gothgrrl

Thanks so much for replying Jason, I'm so worried about this that I'm considering cancelling my holiday! :( I did take a back up and run both AVG and Avast scans through all files and it didn't find anything. That was after I'd deleted the 'Shell99' files though. As my site is heavily modded I was hoping I wouldn't have to start from scratch. It's taken so long to get it how it is today. :) As my scanners aren't picking up on anything, do you think perhaps there is something else I could do to fix the 'Checkout'? I thought re-uploading the Mals-e transfer.inc would have fixed the problem. It does take away the bogus payment screen (when I looked at my old transfer.inc it was clear it had been tampered with, and there had also been an includes.text file added to the Mals-E file).

(sorry I meant to add that I'm sure it was the images/uploads file that contained the infected files that I deleted.)
