Sending spam

[DrunkenBuck]

Hello,

 

 

On 18.06 someone broke into my my server and replaced the home page – at least this is what it looked like. The website was restored using backup from before the attack.

 

 

About a week later, the hosting operator blacklisted the server due to spamming – consequently, I upgraded prestashop (1.6.0.7 to 1.6.1.6), I updated all the modules, I downloaded all the files and scanned them with an antivirus software, and deleted any additional, infected php files from the sever. Of course, I changed the passwords to the panel, all the bases and mail accounts.

 

Everything was fine for several dozen hours, but then, unfortunately, the problem reoccurred, spam was once again sent from my server, which got blacklisted by the operator. This time I added a “safety patch” to the template.

 

Currently, the spam is being sent for the third time – some regularity can be observed, I have at least 24 hours without any problems. The attack is made after about 48 or 72 hours, so I presume it’s automated.

 

 

My questions – how to get rid of it? Is it at all possible? How to secure the server? What are the possibilities if determining the point of origin of the attacks?

 

[rocky]

I've seen many other people posting about the Send To a Friend module being used to send spam because it doesn't have CAPTCHA. You could try deleting that module from your server.

[DrunkenBuck]

Even if this module wasn't never installed ?

[rocky]

Yes, since the ajax.php file can be called even if the module isn't installed.