bnadauld Posted January 25, 2021 Share Posted January 25, 2021 I got hit last year by this bot so i reverted to a back up and removed the phpunit directories. Now the damn thing it back again but this time causing us to have all my sites shut down on my hosting. Can anyone point me to a good guide so i can check where to look for all the parts of the malware? Thanks Link to comment Share on other sites More sharing options...
musicmaster Posted January 25, 2021 Share Posted January 25, 2021 No doubt there are better solutions. But one option you could try is the function Prestools to export file lists of a Prestashop installation. That way you can compare them with a similar list from your localhost that is guaranteed safe and see where there are extra files and were there are differences in file size. (shop-rescue -> File list export) 1 Link to comment Share on other sites More sharing options...
bnadauld Posted January 25, 2021 Author Share Posted January 25, 2021 Thanks for the help. Last time i used beyond compare to check every file with old backups that i had saved. Im was thinking i'll reinstall the latest version of 1.6 (locally) and connect to a copy of my current database, reload all my products via csv and my modules - then do a compare. Does the 'Prestools to export' method do this/similar - is it a module? ive never seen shop-rescue in the backoffice... Link to comment Share on other sites More sharing options...
musicmaster Posted January 25, 2021 Share Posted January 25, 2021 That sounds like you never used Prestools: 1 1 Link to comment Share on other sites More sharing options...
bnadauld Posted January 27, 2021 Author Share Posted January 27, 2021 I haven't heard of it - but I'm installing it right now. Thanks again for your help! Link to comment Share on other sites More sharing options...
puffdade Posted January 27, 2021 Share Posted January 27, 2021 bnadauld you may remember me as I commented a few times on your previous experience, I used a relativly cheap external company to clean the two main domains on my server the company was called Astra they charge per domain its a yearly subscription and they cleaned the 2 shopping carts of everything thats naughty and monitor and block anything moving forward, a module is set up in the back office and they go to work cleaning up the server. I had to go down this route as all my backups were also trashed in the process I had somewhere around 700 infected files, as quick as I could delete and clean I was infected again its been a long road but my server is now 100% clean I think its cost around 300usd a year for 2 shops, you can talk to a human and they are quick responding it was the helping hand i needed at the time and have peace of mind now you can find them here https://www.getastra.com/prestashop-firewall 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now