@Eolia,
J'ai mis à jour le script et l'ai relancé sur le clone du site qui avait été hacké (je l'avais donc déjà lancé et fait ce qu'il me préconisait de faire, avec patchage et envoi des fichiers d'orgine, avant de faire les mêmes manips sur le site en prod)
Là, il me sort une liste longue comme le bras de fichiers qui auraient été modifiés (en orange) et surtout dans le dossier d'admin, il me trouve un fichier patch122.php. Je doute qu'il s'agisse d'un fichier créé par le script.
Je le joins à ce post, en .txt
Je me rappelle avoir à un moment installé le script de Doekia qui permettait de stopper les envois de spam via le formulaire de contact. Mais je doute que ce fichier ait quelque chose à voir. Il a l'air d'être pour PS 1.5. Une porte d'entrée ?
Merci pour votre avis éclairé 🙂
Edit : le fichier ne passe pas. Voici le code
<?php /* This file should be created inside your ADMIN_DIR */ /* Then run the file http(s)://domain.tld/<admindir>/patch122.php */ // Uncomment (remove //) the following line for debug purposes //@define('_PS_MODE_DEV_', true); require_once(__DIR__.'/../config/config.inc.php'); if (!version_compare(_PS_VERSION_,'1.5.4.0','>=')) { die('Sorry only version since 1.5.4.0 are supported.'.PHP_EOL); } $ps_root_dir = _PS_ROOT_DIR_; (substr($ps_root_dir,-1,1) != '/') && $ps_root_dir .= '/'; if (!file_exists($ps_root_dir.'override/classes/Validate.php')) { $content = <<< 'EOF' <?php class Validate extends ValidateCore { public static function isCustomerName($name) { if (preg_match('/www|http/ui', $name)) { return false; } return preg_match('/^(?:[^0-9!<>,;?=+()\/\\@#"°*`{}_^$%:¤\[\]|\.?]|[\.?](?:\s|$))*$/u', $name); } } EOF; file_put_contents($ps_root_dir.'override/classes/Validate.php', $content); @unlink($ps_root_dir.'cache/class_index.php'); echo 'class Validate is now overrided'.PHP_EOL; } else { echo 'The class Validate is already overrided. You should process manually.'.PHP_EOL; } if (!file_exists($ps_root_dir.'override/classes/Customer.php')) { $content = <<< 'EOF' <?php class Customer extends CustomerCore { /** * @see ObjectModel::$definition */ public static $definition = array( 'table' => 'customer', 'primary' => 'id_customer', 'fields' => array( 'secure_key' => array('type' => self::TYPE_STRING, 'validate' => 'isMd5', 'copy_post' => false), 'lastname' => array('type' => self::TYPE_STRING, 'validate' => 'isCustomerName', 'required' => true, 'size' => 32), 'firstname' => array('type' => self::TYPE_STRING, 'validate' => 'isCustomerName', 'required' => true, 'size' => 32), 'email' => array('type' => self::TYPE_STRING, 'validate' => 'isEmail', 'required' => true, 'size' => 128), 'passwd' => array('type' => self::TYPE_STRING, 'validate' => 'isPasswd', 'required' => true, 'size' => 32), 'last_passwd_gen' => array('type' => self::TYPE_STRING, 'copy_post' => false), 'id_gender' => array('type' => self::TYPE_INT, 'validate' => 'isUnsignedId'), 'birthday' => array('type' => self::TYPE_DATE, 'validate' => 'isBirthDate'), 'newsletter' => array('type' => self::TYPE_BOOL, 'validate' => 'isBool'), 'newsletter_date_add' => array('type' => self::TYPE_DATE,'copy_post' => false), 'ip_registration_newsletter' => array('type' => self::TYPE_STRING, 'copy_post' => false), 'optin' => array('type' => self::TYPE_BOOL, 'validate' => 'isBool'), 'website' => array('type' => self::TYPE_STRING, 'validate' => 'isUrl'), 'company' => array('type' => self::TYPE_STRING, 'validate' => 'isGenericName'), 'siret' => array('type' => self::TYPE_STRING, 'validate' => 'isSiret'), 'ape' => array('type' => self::TYPE_STRING, 'validate' => 'isApe'), 'outstanding_allow_amount' => array('type' => self::TYPE_FLOAT, 'validate' => 'isFloat', 'copy_post' => false), 'show_public_prices' => array('type' => self::TYPE_BOOL, 'validate' => 'isBool', 'copy_post' => false), 'id_risk' => array('type' => self::TYPE_INT, 'validate' => 'isUnsignedInt', 'copy_post' => false), 'max_payment_days' => array('type' => self::TYPE_INT, 'validate' => 'isUnsignedInt', 'copy_post' => false), 'active' => array('type' => self::TYPE_BOOL, 'validate' => 'isBool', 'copy_post' => false), 'deleted' => array('type' => self::TYPE_BOOL, 'validate' => 'isBool', 'copy_post' => false), 'note' => array('type' => self::TYPE_HTML, 'validate' => 'isCleanHtml', 'size' => 65000, 'copy_post' => false), 'is_guest' => array('type' => self::TYPE_BOOL, 'validate' => 'isBool', 'copy_post' => false), 'id_shop' => array('type' => self::TYPE_INT, 'validate' => 'isUnsignedId', 'copy_post' => false), 'id_shop_group' => array('type' => self::TYPE_INT, 'validate' => 'isUnsignedId', 'copy_post' => false), 'id_default_group' => array('type' => self::TYPE_INT, 'copy_post' => false), 'id_lang' => array('type' => self::TYPE_INT, 'validate' => 'isUnsignedId', 'copy_post' => false), 'date_add' => array('type' => self::TYPE_DATE, 'validate' => 'isDate', 'copy_post' => false), 'date_upd' => array('type' => self::TYPE_DATE, 'validate' => 'isDate', 'copy_post' => false), ), ); } EOF; file_put_contents($ps_root_dir.'override/classes/Customer.php', $content); @unlink($ps_root_dir.'cache/class_index.php'); echo 'class Customer is now overrided'.PHP_EOL; } else { echo 'The class Customer is already overrided. You should process manually.'.PHP_EOL; } echo 'END'.PHP_EOL;