[TIP] Site Hacked? First Steps to Recovery

[El Patron]

I will refine this procedure, part of this process relies on community feedback.

 

1. change your FTP passwords(s)

2. make sure your local computer has an up to date 'good' anti-virus program

3. make sure all facets of anti-virus program are turned on, i.e. web/email/file etc.

4. Connect to you remote shop via ftp

5. Download remote shop files to new folder on your computer using FTP

(if your anti-virus program does not automatically detect virus, run the anti-virus against the files.)

 

if your anti-virus program does not detect the imbedded urls and/or strings,

1. Identify the files. Use a search program to find the embedded urls and/or strings.

 

Now that you have identified the files, you need to replace them with good files.

1. download a fresh installation of your PrestaShop release

2. back up files identified above and replace them with the fresh install files.

(of course if it's your theme or non-native PrestaShop files then you will need those files)

 

Now upload the fixed files to your remote host. For 1.4 and file was .tpl, force smarty compile.

Visit your site, F5 to ensure browse cache of your site has been updated from remote.