rectox (posted June 18, 2012): Hi! Today I wanted to check my orders on my shop, but the admin login didn't work. I opened MySQL and saw that the admin email was changed to "[email protected]". How is it possible? My PrestaShop version: 1.4.4.0. Sorry for the bad English! Many thanks!
rturner (posted June 18, 2012): Your host should be able to find the security hole that let him in; web hosts hate intrusions. Steps you can take: Make sure your admin folder has a really strange name, like "www.yourprestasite.com/adi0p9h3emin/". You could also go through your logs in your $HOME, figure out the approximate time the intrusion happened, find the IP address, and ban it through your .htaccess.
Dh42 (posted June 18, 2012): Check through your server logs. I don't know if your host will actually take interest in it or not, but security is on your end.
Carl Favre (posted June 18, 2012): Hi rectox, have you already changed your database password, FTP password, etc., to prevent him from corrupting your data?
Dh42 (posted June 18, 2012): Also, if you can understand your server logs, see where the intrusion was: whether they accessed your cPanel account and changed the email through there, or whether they came through your shop first.
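One way to do the log review suggested in the replies above, as an added example that is not part of any post in the thread: group the requests made around the suspected intrusion time by client IP and separate hits on the admin folder from hits on module scripts. It assumes Apache combined log format; the log lines, the documentation-range IP addresses, the module name `examplemodule` and the function names `triage` and `suspects` are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample lines (Apache combined format), not taken from the thread.
# 198.51.100.0/24 and 203.0.113.0/24 are documentation address ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [17/Jun/2012:21:58:02 +0200] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [17/Jun/2012:22:03:11 +0200] "GET /modules/examplemodule/ajax.php?id=1 HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.9 - - [17/Jun/2012:22:04:40 +0200] "POST /adi0p9h3emin/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [17/Jun/2012:22:05:00 +0200] "GET /category.php?id_category=3 HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
203.0.113.9 - - [18/Jun/2012:09:00:00 +0200] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

def triage(log_text, around, minutes, admin_dir, own_ips=()):
    """Group requests within +/- `minutes` of `around` by IP, skipping own_ips."""
    lo, hi = around - timedelta(minutes=minutes), around + timedelta(minutes=minutes)
    hits = defaultdict(lambda: {"admin": [], "modules": [], "total": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, FMT)
        if ip in own_ips or not lo <= when <= hi:
            continue
        rec = hits[ip]
        rec["total"] += 1
        entry = (when.isoformat(), method, path, int(status))
        if path.startswith("/" + admin_dir.strip("/") + "/"):
            rec["admin"].append(entry)      # request reached the back office folder
        elif path.startswith("/modules/"):
            rec["modules"].append(entry)    # request went to a module script
    return dict(hits)

def suspects(hits):
    """IPs that reached the admin folder in the window, most requests first."""
    found = [ip for ip, rec in hits.items() if rec["admin"]]
    return sorted(found, key=lambda ip: -hits[ip]["total"])

if __name__ == "__main__":
    t = datetime.strptime("17/Jun/2012:22:00:00 +0200", FMT)
    report = triage(SAMPLE_LOG, t, 30, "adi0p9h3emin", own_ips={"198.51.100.7"})
    for ip in suspects(report):
        print(ip, report[ip])
```

An IP that shows module requests shortly before an admin-folder request points toward entry through the shop; an empty result for the window points toward the change having been made elsewhere, such as the hosting control panel or the database directly.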
rectox (author, posted June 19, 2012): Hi! The FTP log is okay. Only my IP. I have changed the admin folder and password. But how is it possible?
tuk66 (posted June 20, 2012):
> I opened MySQL and saw that the admin email was changed to "[email protected]". How is it possible?
Check the last_passwd_gen field in the ps_employee table. Has the date changed? Note the string from the passwd field, then change the email in the table to your email address and the password in BackOffice to your last password. All of these things will help you understand whether "[email protected]" was set only directly in the database (via MySQL or something) or by the PrestaShop BackOffice.
Dh42 (posted June 20, 2012): Rectox, also, what 3rd-party modules and theme are you running? Some are open to SQL injection attacks. What payment methods do you have on your site, too?