Jump to content

Need help, website is hacked


TimPrestaNL

Recommended Posts

Hi,

I'm facing issue's with one of my webshops for a while now, my webshop keeps getting hacked every night at around the same time. The hack creates an .htaccess and index.php file in the public_html folder which causes my website to break...

The line that is added is the following:
Index.php:

**** removed ****


.Htaccess

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>


I recovered a backup, cleared up all the code and updated all modules, theme and prestashop.
This however didn't fix anything.. (Afterwards I recovered prestashop and my theme back to the older version because the site kind of broke..)

I figured the .htaccess file and the index.php file both still get created when I empty the whole public_html file...

Other sites (not prestashop) on my hosting are not effected.

The hack also seems to create folders with random names like '5fd9302df' this however was fixed when I updated all my modules.

However, a folder in my public_html named 'css' with the file index.php in it still gets created each time..

Can anybody help me with this, or point me in the right direction on how to fix this?
It seems like this is the japanese keyword hack, but I just can't figure out what cases this..


Luckely enough the site wasn't launched yet for our customers..

 

Thanks in advance!

Link to comment
Share on other sites

Hello, Which PrestaShop version you are using. Try to use latest PrestaShop version and also updated php version. You can check if their is any old module in your site. 

 

All modules also need to update. If you are unable then you can contact any good web agency what is suggested by El Patron .

 

Thank you

Link to comment
Share on other sites

Thank you El Patron and SmartDataSoft for your replies!
I'm updated to the latest version of prestashop and all modules are up to date as well. Sadly enough this, or making the htaccess read only didn't work. No hack is catched either when downloading the website to my pc.

I think it has something to do with an outdated module, that doesn't get any updates anymore.
I will try to contact to hire a specialist that hopefully can fix this.

Thank you for you kind answers and help!

Link to comment
Share on other sites

  • 4 weeks later...
  • 2 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...