plj.jul215814 Posted September 15, 2012

I am building my site and have a cheap shared server hosting plan for the time being. I have someone doing custom work on it for me. The only other thing installed, but unused, was Wordpress.

This morning I went to check the site out and got a screen with a picture of a burning American flag, and it said "hacked by Ahmed hawlery". When I tried the /prestashop where my store is I got a 404 not found. Went into cpanel and all of prestashop is gone. I had the most recent version, 1.4.9 (did not upgrade to very newest).

So, how do I know if prestashop was hacked? Or was it a hole in Wordpress? (I just installed the wp 2 months ago.) I don't want to continue if I have to worry about my customers being greeted by that garbage. When I am ready to go live I will be on a dedicated server with hardware firewall.

Has anyone seen this before? Please advise. Thanks!

Julie

clayton29657 Posted September 15, 2012

I have never seen this before Julie. Sorry to hear you're having issues. By chance do you have back-ups? Also have you contacted your webhost regarding this issue at hand?

Clayton

El Patron Posted September 16, 2012

Sorry to hear that, that is a real shame. Generally you get hacked by FTP. Make sure to change all your FTP passwords.

plj.jul215814 (Author) Posted September 16, 2012

The hosting company was awful! NO apology, no sympathy. They told me most likely due to open source software. In your experience, do you think it's more likely it was Wordpress related? Normally, I will be behind hardware firewall when I go live. I'm very anxious to hear back from the developer! He would have the backups. He's hours away in timezone.

vekia Posted September 16, 2012

I think that the problem wasn't with prestashop. I think that the problem was with server security. Can you get access to server logs? Maybe there you can find (if hacker was lame) some trails.

El Patron Posted September 16, 2012

> The hosting company was awful! NO apology, no sympathy. They told me most likely due to open source software. In your experience, do you think it's more likely it was Wordpress related? Normally, I will be behind hardware firewall when I go live. I'm very anxious to hear back from the developer! He would have the backups. He's hours away in timezone.

The best thing to do is live and learn from this. It's a crime and you are a victim and in my honest opinion have been violated by people who are social rejects. They can find no place in mainstream society and do this to act out. Pity them.

plj.jul215814 (Author) Posted September 16, 2012

> I think that the problem wasn't with prestashop. I think that the problem was with server security. Can you get access to server logs? Maybe there you can find (if hacker was lame) some trails.

I also think it was server security. When I questioned them, all I got was "we have state of the art security". I don't know if I'm more outraged by these losers going around hacking websites, or the lack of customer service from the hosting company. Seriously. I highly doubt I can get access to the server logs.

I did a google search for the hacker message that occurred and it seemed to appear a lot on blogs so I do hope it was a wordpress thing. I just won't use Wordpress. I am encouraged to read people don't think it's Prestashop related. All the hosting company would say is "it's in the code of open source software" which has me petrified to utilize an open source shopping cart.

If I make sure I'm on a dedicated server behind a good hardware firewall, and we are staying up to date, I should be ok, right? This is a HUGE move I'm working on.

plj.jul215814 (Author) Posted September 16, 2012

> The best thing to do is live and learn from this. It's a crime and you are a victim and in my honest opinion have been violated by people who are social rejects. They can find no place in mainstream society and do this to act out. Pity them.

I do pity them but they still really pissed me off. It also was very unsettling to go to the site and have that image of the American flag on fire, given all the unrest in the world. I'm sure it was done to try to intimidate people even if they are just social rejects sitting behind a computer with nothing better to do with their life.

Lastly, if that happened to my website when it was live, that would be a *major* blow to my particular business. I cater to tens of thousands of female customers, mostly over the age of 50 and that would have scared them out of shopping with me ever again.

Anyway, I am SO done with this hosting company come first thing Monday! Thank you all for replying to me. I do feel encouraged that it probably isn't Prestashop that is the problem.

rturner Posted September 16, 2012

Your access logs should be available by ftp in your home directory. Possibly in a directory called access-logs. You can open them with Notepad and it shows the ip address of people who entered your server via ftp or ssl. If it's ftp, someone probably guessed the password is all. When I ran a mail server from home, it was incredible how many people tried to hack in every day. My logs even showed the password combinations they were trying to use.

It's possible there was a breach through wordpress, particularly if the application wasn't completely up to date. At any rate, if it was through ftp, you can put a line in .htaccess to keep them out, assuming they are using a real ip address and the same one.

Be all that as it may, I think Prestashop is pretty secure, or I wouldn't have my main company using it.

Paulito Posted September 16, 2012

Good Morning,

I am sorry to hear about your problems, it is always a shame that normal hard working people are affected by these idiots that seem to have too much time on their hands. If it's any consolation you are not alone, even GoDaddy was hacked on Monday with countless 1000s of sites going down. All you and the rest of us can do is get a good server with good security.

Paul

plj.jul215814 (Author) Posted September 16, 2012

> Your access logs should be available by ftp in your home directory. Possibly in a directory called access-logs. You can open them with Notepad and it shows the ip address of people who entered your server via ftp or ssl. If it's ftp, someone probably guessed the password is all. When I ran a mail server from home, it was incredible how many people tried to hack in every day. My logs even showed the password combinations they were trying to use.
>
> It's possible there was a breach through wordpress, particularly if the application wasn't completely up to date. At any rate, if it was through ftp, you can put a line in .htaccess to keep them out, assuming they are using a real ip address and the same one.
>
> Be all that as it may, I think Prestashop is pretty secure, or I wouldn't have my main company using it.

I just looked in my file manager under home directory and there is a folder called access-logs. It is completely empty? I will have the guy working on my site look into it. Thank you!

El Patron Posted September 16, 2012 (edited)

Honestly our site got hacked in June via FTP. Don't know how but I can tell you it really bothered me. We work hard to get 100% customer satisfaction. We got blacklisted by many sites and antivirus (read blacklist) because of this and lost a crap load of sales. I'd like to rattle someone's teeth inside their head.

As rturner, a fine community member, said, check your logs, but my understanding is once they gain control they first delete log files...

if your site is compromised delete and re-add all FTP users with new passwords.
delete access to any non trusted users.
change your mysql db password, this requires changes to config/setting.inc.php
I am assuming your mysql db has not been hacked as your entire root is gone
then from 'hopefully' you can recreate from back of custom files
test your backup on a localhost
run an antivirus software (typically don't need to run as it identifies the file and quarantines it) on your local host machine
hacks typically modify .js files, so always check modified dates when you have not lost your root files

Once you get your site back up set .htaccess to read only via FTP. This will disallow ps from auto generating an .htaccess file.

suerte (luck) amigo

Edited September 16, 2012 by elpatron
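
The file check suggested in the post above, as an added example that is not part of the original thread: it compares a live web root against a known-good backup by content hash rather than by modified date, since timestamps can be reset. The watched extensions and the sample trees are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# Assumption: file types worth watching in a shop's web root.
WATCHED = (".js", ".php", ".htaccess", ".tpl")

def snapshot(root):
    """Map relative path -> SHA-256 for every watched file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(WATCHED):
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            result[os.path.relpath(full, root)] = digest
    return result

def compare(backup_root, live_root):
    """Return files added, changed or missing in live_root relative to backup_root."""
    old, new = snapshot(backup_root), snapshot(live_root)
    return {
        "added": sorted(set(new) - set(old)),
        "changed": sorted(p for p in new if p in old and new[p] != old[p]),
        "missing": sorted(set(old) - set(new)),
    }

def demo():
    """Constructed sample trees: a clean backup and a tampered live copy."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = os.path.join(tmp, "backup"), os.path.join(tmp, "live")
        files = {"js/tools.js": "var a = 1;", "index.php": "<?php // shop",
                 ".htaccess": "Options -Indexes"}
        for root in (backup, live):
            for rel, body in files.items():
                path = os.path.join(root, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "w") as fh:
                    fh.write(body)
        with open(os.path.join(live, "js/tools.js"), "a") as fh:
            fh.write("\n/* appended line standing in for an unexpected edit */")
        with open(os.path.join(live, "x.php"), "w") as fh:
            fh.write("<?php // file not present in backup")
        os.remove(os.path.join(live, "index.php"))
        return compare(backup, live)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

To use it on a real site, call `compare()` with the path of an unpacked backup and the path of a downloaded copy of the live web root, and review every entry under "added" and "changed" before restoring.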