metalice Posted January 22, 2013 Share Posted January 22, 2013 hey, almost once a week lately some bot or some one is trying to stick a JS code into my index.php, to add links to the header and footer of the page, i casue the site not to go up, every time all i need to do i just to remove the code that been adde (in other words ro reupload the orignal index.php). how to protect my self by preventing the access of the the new code? thank you Matan Link to comment Share on other sites More sharing options...
Dh42 Posted January 22, 2013 Share Posted January 22, 2013 Change your FTP information, that is how they are getting in. Also you might want to read this for good security practices. Link to comment Share on other sites More sharing options...
metalice Posted January 22, 2013 Author Share Posted January 22, 2013 what do you mean by ftp information? Link to comment Share on other sites More sharing options...
Dh42 Posted January 22, 2013 Share Posted January 22, 2013 Your cpanel information for your site, that is how they are getting in, they have the user name and password. Link to comment Share on other sites More sharing options...
metalice Posted January 22, 2013 Author Share Posted January 22, 2013 no way the are coming from the cpanel or ligin to my ftp. this is something related to post commands... i dont know how to block it... Link to comment Share on other sites More sharing options...
Dh42 Posted January 22, 2013 Share Posted January 22, 2013 If you know exactly where it is coming from, then you should be able to stop it. What version of Prestashop are you using? It is virtually impossible for someone to change a file on your system without a security hole in the software or without ftp privileges. 99 times of 100 they get in through the ftp. What do your server logs reflect as per people logging in with the ftp? Link to comment Share on other sites More sharing options...
metalice Posted January 23, 2013 Author Share Posted January 23, 2013 the privileges on the index.php is 644. on the all folder of the site is 744. i dont know how post commands works. so i cant block it. where can i find those log? on the ftp? or cpanel? Link to comment Share on other sites More sharing options...
Dh42 Posted January 23, 2013 Share Posted January 23, 2013 From you host or in your cpanel is where you would get the logs. I think you are in over your head more than likely. Did you read about post commands on some website or something? Where are you getting this, it is incorrect information. I shared an article with you that shows you how to keep things safe. Also what version of Prestashop? Link to comment Share on other sites More sharing options...
metalice Posted January 23, 2013 Author Share Posted January 23, 2013 i consulted a friend that told me he thinks its post commands. i dont know how to protect my self and i didnt asked from him to help me he got enough on his head right now. but the hack only effect the index.php nothing else... whats is going with it? what should i change or do to make it stop? i read the article you linked here and as far as i can see everything is like that.. my host is hostgator and ps version is 1.4.7.0 for example if i will fix now and reupload index.php, after 2-5 hours it will be the same, just with a different script inside my index.php to a different site redirection, or to a different site links in the header... so it dosent look like someone is hacking, it feels like bot's that are scanning the internet and sending commands to sites hoping to score.. Link to comment Share on other sites More sharing options...
outblast Posted March 19, 2013 Share Posted March 19, 2013 I have this problem too, any fix found? Link to comment Share on other sites More sharing options...
.png.022b5452a8f28f552bc9430097a16da2.png)
Recommended Posts