I've been hacked - need help please

[Nina]

Hello,

My site was hacked. I checked the "customers" tab, and found almost 4000 new "customers" from porn sites.
I am deleting them one by one, it takes a lot of time to do it, as I cannot mark them all in one action.

I will change my password immediately (as admin) - but is there any other things I have to do?

Prestashop 1.6.1.3

Thanks in advance for any suggestion!

Sincerely,

Nina

 

[joseantgv]

I think you have not been hacked but you are suffering from SPAM: 

 

[Nina]

Thank you joseantgv,

Spamming is totally different. Spamming was correct if one of more (in my case, 4000) would automatically or manually place fake orders, send contacts and so on, and I would (or wouldn't) been notified about, usually by email. They are not signing in, just appear in my clients list.

In my case, no one placed any order!

Here is an example:

2840--Hot Ella Wants To Meet www.xurl.org/[email protected]/18/201910/18/2019 07:15:17

I found that all the "clients" come from a VPN address, and using from time to time an additional IP - reported as problematic.

185.188.182.170
46.22.220.10

I'll try to block them somehow, I don't know yet how to do it. robots.txt? .htaccess?

Thank you!

 

[joseantgv]

This is SPAM. Please check the solution I posted you previously.

[yama]

And if you don't want check the solution, update your ps 1.6, the last version has a fix for your problem.

[Nina]

@joseantgv

I am still trying to understand what do I have to do, as my French is not too good. I translated it to English using google translate.

However, what worries me is that this thread has a lot of replies (in my browser appears 5 pages). From what I understood in French, not everything is "going smooth" - but maybe I am wrong... So, again from translation, i found a line that I couldn't understand:
https: //votre-domaine.tld/votre-bo/patch122.php

what is ".tld/votre--bo"?
So, from what I understood, I have to upload the php file to a directory (bo?) - and this is all I have to do?

I am too afraid to update by myself the entire site, I may do something wrong and destroy it. So I prefer to use the patch.

Many thanks for the support!

Edited October 18, 2019 by Nina
I have to complete the question (see edit history)

[yama]

Quote

La méthode la plus simple (1.5.4.1+ à 1.7):

Un script qui fait ça tout seul https://area51.enter-solutions.com/snippets/122 (1.5.4.1+ à 1.7)
Créez une fichier patch122.php dans votre répertoire admin. Copier le contenu ci-dessus dedans.
Lancez le patch. https://votre-domaine.tld/votre-bo/patch122.php

The easiest method (1.5.4.1 to 1.7)

Create a file "patch122.php" in admin folder and copy the code from https://area51.enter-solutions.com/snippets/122

Execute the file: http(s)://website/admin/patch122.php where "website" is the name of your shop and "admin" the name of your admin folder.

Edited October 19, 2019 by yama (see edit history)

[tdsoft]

@nina you should ask your hosting provider, check PHP files modified in 1 months -> then delete hacked file

Also install some Prestashop modules as captcha, block spam... for protected your website

[Chill_user]

Go to db and delete all users u like.

[Nina]

7 hours ago, tdsoft said:

@nina you should ask your hosting provider, check PHP files modified in 1 months -> then delete hacked file

Also install some Prestashop modules as captcha, block spam... for protected your website

The entire issue - as far as I could see began in April. Meantime I've blocked the his 2 IPs with .htaccess, and it looks good so far.
Captcha and blocking spam - in my opinion.... - have no influence in my case, as he hasn't logged in - the 4000 addresses / websites appeared without any signing in....

However, meantime I found a real bug in the addresses / checkout modules, and crush my head how to solve them - as they appear in an additional thread.

I cannot permit myself now to use the services of "Fiverr" or to purchase any additional plug ins (for example a new WesternUnion) - so I do my best to fix, without too much knowledge