Jump to content

How to clean up a hacked CubeCart store


Al Brookbanks

Recommended Posts

Back in September 2015 a major security issue concerning admin account hijack was responsibly disclosed to us. We released a patch and new version within 24 hours. 

A significant amount of stores have since been hacked via this security flaw as they were not kept up to date. Below are instructions about how to cleanse a hacked store.

Skill Level: Advanced
Estimated Time: 1 Hour+

  1. Use an FTP client to download all your store files to your computer. 
  2. Open the ini.inc.php file to discover what version you are currently on. It will look something like this:
    define('CC_VERSION', '6.0.8');     // Version Number
  3. Download that version from our website at https://www.cubecart.com/download
  4. Use a file comparison tool such as Beyond Compare to compare the contents of your store files versus the default files. The mode to display only orphan files is particularly useful. 
  5. This step is essential and requires coding experience. You need to delete any malicious looking files in your web hosting account that were discovered using the file comparison tool. Please be careful!
  6. Take a backup of the database via your web hosting control panel and upgrade CubeCart to the latest version
  7. If you are not able to login to the admin side of your store please reset the login via the database
  8. Once upgraded to the latest version login to the admin side of your store and navigate to the "Manage Hooks" section. Click on the "Code Snippets" tab and delete any code snippets you don't recognise. 
  9. It may now be a good idea to repeat steps 2 through to 5.

We apologize to all of those who have been affected by this security flaw. Our track record for security is fairly good and we will always patch any serious security issues within 24 hours. It is always crucial to keep your store up to the latest version.

Please note that we do offer a cleansing service as part of our Technical Support & Management support plan.  

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...