Pharma1234 Posted June 10, 2024 Share Posted June 10, 2024 (edited) Hello, Someone complain me that i charged that is unauthorized. Well i have started searching what the hell is going on huh!! then i noticed When my Checkout page loaded, a custom payment gateway Which is coded in html displayed on checkout page. Class name : <div class="custom-card-form"> I have tried to figure out by searching in plugins but no such good result. I am using PS 1.7.6.8. <div class="custom-card-form"> <div class="custom-form-group"> <label class="custom-label">Numero di carta</label> <div class="custom-card-number"> <input type="text" id="cardnumccc" name="ccnum" class="custom-input card-number-input" placeholder="0000 1111 0000 1111 000"> <div class="custom-card-icons"> <img src="https://js.stripe.com/v3/fingerprinted/img/visa-729c05c240c4bdb47b03ac81d9945bfe.svg" alt="visa"> <img src="https://js.stripe.com/v3/fingerprinted/img/mastercard-4d8844094130711885b5e41b28c9848f.svg" alt="mastercard"> </div> </div> </div> <div class="custom-form-group"> <label class="custom-label">Titolare della carta</label> <input type="text" id="nameccholder" name="holdernamecc" class="custom-input cardholder-input" placeholder="Mario Rossi"> </div> <div class="custom-form-row"> <div class="custom-form-group"> <label class="custom-label">Data di scadenza</label> <input type="text" id="ccexp" name="ccexpp" class="custom-input expiry-input" placeholder="MM/AA"> </div> <div class="custom-form-group"> <label class="custom-label">Codice della carta</label> <input type="text" id="cvvcv" name="cvvvc" class="custom-input cvv-input" placeholder="CVV/CVC"> </div> </div> </div> This is the full code which i can see using Chrome inspect. and my checkout page give a look, (see attachment file) Surprise is when we complete this forum, this frame goes and my real payment methods shows. Can someone please help me to identify it? I wanna remove this backdoor. to avoid for more complains. Thanks in Advance: Edited June 10, 2024 by Pharma1234 (see edit history) Link to comment Share on other sites More sharing options...
Pharma1234 Posted June 10, 2024 Author Share Posted June 10, 2024 Anyone can help me direct the exact place where i can remove this backdoor? We are in trouble Please help us. Link to comment Share on other sites More sharing options...
Pharma1234 Posted June 10, 2024 Author Share Posted June 10, 2024 Well sorry for bumpy msgs I have tried to 1-click upgrade and got the following error. [INTERNAL] /var/www/vhosts/sitehttp/httpdocs/vendor/composer/autoload_real.php line 64 - require(): Failed opening required '/var/www/vhosts/sitehttp/httpdocs/vendor/composer/../symfony/polyfill-php70/bootstrap.php' (include_path='/var/www/vhosts/sitehttp/httpdocs/vendor/pear/pear_exception:/var/www/vhosts/sitehttp/httpdocs/vendor/pear/console_getopt:/var/www/vhosts/sitehttp/httpdocs/vendor/pear/pear-core-minimal/src:/var/www/vhosts/sitehttp/httpdocs/vendor/pear/archive_tar:.:/opt/plesk/php/7.3/share/pear') And all sidebar gone. Need urgent help to restore my site since i don have backup huh!! Link to comment Share on other sites More sharing options...
Inform-All Posted June 10, 2024 Share Posted June 10, 2024 (edited) Hi, This sounds like a job you should hire a developer for. If i where you i would ask your hosting company to set back a backup. I see you are using Plesk, so usually there is some form of automatic backups. Then i would first disable your shop and find and fix the mallware that is stealing payment info. Then make a legal statement that there has been a data breach and payment info stolen. Then i would strongly advice to hire someone to update your Prestashop. Edited June 10, 2024 by Inform-All (see edit history) Link to comment Share on other sites More sharing options...
Nickz Posted June 10, 2024 Share Posted June 10, 2024 (edited) On 6/10/2024 at 10:44 AM, Pharma1234 said: Anyone can help me direct the exact place where i can remove this backdoor? That won't help you long. You need to close the entrance. Only thorough procedure is to do a new shop and also here you need to be careful to use just client data and not also the attacker's. Edited July 12, 2024 by Nickz (see edit history) Link to comment Share on other sites More sharing options...
WisQQ Posted June 10, 2024 Share Posted June 10, 2024 In my case there was jpeg file that was loaded which had php code inside it. Someone uploaded it using backdoor from template module. Check img directory for large files and edit them using notepad. Link to comment Share on other sites More sharing options...
Pharma1234 Posted June 10, 2024 Author Share Posted June 10, 2024 1 hour ago, WisQQ said: In my case there was jpeg file that was loaded which had php code inside it. Someone uploaded it using backdoor from template module. Check img directory for large files and edit them using notepad. I have checked all images which are only mine. Link to comment Share on other sites More sharing options...
Pharma1234 Posted July 12, 2024 Author Share Posted July 12, 2024 I have fixed all myself. Please close the topic. New error come up regarding my site and opened new thread. Link to comment Share on other sites More sharing options...
Nickz Posted July 12, 2024 Share Posted July 12, 2024 4 hours ago, Pharma1234 said: I have fixed all myself. Please close the topic. New error come up regarding my site and opened new thread. It does not sound as it is fixed. Often an infiltration taken out, takes also out some vital parts in your shop. That is the very reason to do a new shop from scratch. Link to comment Share on other sites More sharing options...
.png.022b5452a8f28f552bc9430097a16da2.png)
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now