sorinsxtj

I will reply again in this topic. It could be a long message, but I hope that it can be useful for the many nubs like me who are using Presta.

PrestaVault sounds very good and is not expensive, but what will happen if they take control of ur back panel and simply disable the module?

For this I will tell the whole story about what happened to me. Maybe it can be useful also for experienced guys. If it is too much to read just ignore it.

First I got the info via email that older Presta can be hacked with an injection .. bla bla, u could find on ur shop root the file blm.php

I did not pay much attention coz I was on holiday and thought that the super guys will solve it fast, plus I am a very small shop, nobody wants anything from me. I checked, the blm.php was there, Smarty on etc., but nothing strange on the site. Imunify360 showed some files cleaned, all OK.

Then, surprise. I tried to make an order on my site and when I had to choose the payment method, a window that looks almost exactly like my theme appeared and asked me for my credit card details. It was almost perfect, somebody worked on it. If I compile all data on that window (even write wrong data there) the window vanishes and turns me back to the standard payment page of my website. And it never appeared again. But then I had a doubt and created another customer account. Same window till I completed all fields with credit card details.

I said upss, and as I was on holiday and there was not much activity I asked my host to roll back a backup and reset my cPanel/FTP password. Switched off SMARTY, all was okay then.

What I DID NOT do was to change also the password of the shop, and to check if there is also some new user in the back panel.

SO, after a week or so, a client called me that he does not have a Paypal account and cannot order but he needs that tool very fast. UPSSS again.

Smarty ON, try to order something on my site .... Paypal screen. Believe me that I was frustrated, I don't have enough knowledge to repair it, google, forums, the guy that I know who is a developer is on holiday, bla bla, friendly guys, cheapest one was 600 eur. The sky was over me.

Now what I did is the most important thing in this love story.

I have seen in the root of the site a file b2b.php - I don't have a b2b shop so I deleted it - nothing happens, it has 0 bytes, but I figure out they replaced the BLP file with B2B.

Then I opened Imunify360 in cPanel and noted all files attacked and cured by it (see the pic below).

 

Replaced manually all those files from a backup from before the attacks. I may have some problems with the database later (like I had when I deleted test orders from the search bar of the browser, don't do that, anyway it is another topic). Made a clean of orphan things in my phpMyAdmin.

And hallelujah, all back to normal.

Then changed again the cPanel password, this time ALSO THE SHOP PASSWORD, email passwords of that domain, a full scan of all PCs used for work.

Then every day several times I check if new files appeared on the root of my site and that Smarty is OFF. I will see the results anyway on Monday coz both attacks took place on the weekend, when hackers are bored I suppose.

And for sure I will buy the PrestaVault module according to the suggestion of @El Patron, it should be useful.

Sorry once again for the long bla bla, I hope it can help somebody in the future.

 

 

 

image.png
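
The daily check for new files in the shop root and the comparison against a pre-attack backup, both described in the post above, can be automated. This is an added example, not part of the original post; the function names are hypothetical and the directory trees in `build_sample` are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    root = Path(root)
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            digests[path.relative_to(root).as_posix()] = hashlib.sha256(
                path.read_bytes()).hexdigest()
    return digests


def compare_to_backup(backup_dir, live_dir):
    """Report files that are new, modified or missing relative to the backup."""
    clean, live = hash_tree(backup_dir), hash_tree(live_dir)
    new = sorted(set(live) - set(clean))
    return {
        "new": new,
        "modified": sorted(p for p in clean.keys() & live.keys()
                           if clean[p] != live[p]),
        "missing": sorted(set(clean) - set(live)),
        # New PHP files directly in the shop root, the pattern from the post.
        "new_root_php": [p for p in new if "/" not in p and p.endswith(".php")],
    }


def build_sample():
    """Constructed sample: a clean backup and a live tree with two changes."""
    base = Path(tempfile.mkdtemp())
    for tree in ("backup", "live"):
        (base / tree / "classes").mkdir(parents=True)
        (base / tree / "index.php").write_text("<?php // front controller\n")
        (base / tree / "classes" / "Cart.php").write_text("<?php // cart\n")
    (base / "live" / "b2b.php").write_text("")  # zero-byte file, as in the post
    (base / "live" / "classes" / "Cart.php").write_text("<?php // cart changed\n")
    return base / "backup", base / "live"


if __name__ == "__main__":
    backup, live = build_sample()
    for kind, paths in compare_to_backup(backup, live).items():
        print(kind, paths)
```

On a real shop, cache and upload directories change constantly and will show up as new or modified, so the `new_root_php` list and changes to core PHP files are the entries to review first.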
