Hacked

[Badipool gmbH Schweiz]

Hello, i have a big problem with my Prestashop 1.61.6 i get for 1 week hacked, and they changed the index file.

i made a backup of prestashop and database end everything was good.

 

now the host provider called me and said that someone hacked on my prestashop and send many spam mails.

 

1.website problem http://pool-outlet.ch

hacked model: modules/simpleslideshow/slides/sx_xx.php

i already delete this modul.

 

2.website problem http://angebot.badipool.ch

also he said me that this call : angebot.badipool.ch/admin130987/ajax-tab.php?rand=1468404066484

makes the spam mails.

 

i really dont know what do do i can not finde the hacked file.

 

is here someone (company) who can help me and clean website? 

 

thanks a lot for helping 

 

michael

[El Patron]

Hi Micahel, there have been a lot of issues lately and sorry for your issue, here is someone that has fixed a lot of shops:

 

https://dh42.com/blog/fixing-prestashop-warehouse-theme-hacks/

[rocky]

Strange that the hackers figured out your admin folder name. Did you post it on the forums previously? You can try renaming your admin directory to something else and being careful not to post it anywhere. Hopefully, that will help.

[Badipool gmbH Schweiz]

Strange that the hackers figured out your admin folder name. Did you post it on the forums previously? You can try renaming your admin directory to something else and being careful not to post it anywhere. Hopefully, that will help.

Hi Rocky, thanks for your replay i allways change the admin folder name.

I really dont know where they come in but i think because i have also a wordpress on the same hoast everything started with the wordpress than after when i fixed wordpress prestashop was hacked.

 

now i contact the company what El Patron gives me they will help me to clean it up. ( thanks El Patron ;-) )

 

i will update you what they say.

 

thanks a lot 

[tuk66]

Is your shop clean now?

 

Usually, vulnerable modules open a door to the file system and hackers upload their "bad" scripts this way. I have seen (and yes, cleaned as well) that four different hackers infected one shop within four days, changed the core PrestaShop files and sent out administrator's emails and passwords.