Urgent: Checkout redirects to fake checkout

[johnmoore84]

Hi, not sure im posting this in the correct place.

 

My site has been hacked, what happens is, when the customer clicks the 'checkout button' they are redirected to a fake site trying to get their card details. I have took my site down at the moment.

 

Also on the back end of the website, when i click the 'customers' tab it also redirects to the same fake checkout page.

 

I think that when you click checkout it goes to /quick-order then redirects very quickly to the fake site.

 

I am unable to locate the code I assume they have added to redirect it.

 

Any ideas where I need to look and what I am besting now.

 

 

Thank you 

 

Regards John

 

 

 

 

[endriu107]

At first you need to find out how someobody hacked you, did you check this topic: https://www.prestashop.com/forums/topic/544579-major-security-issues-with-few-modules-and-themes/ ?

In code you need to find redirect code, there is many way to do this for example:

 

 

<meta http-equiv="Refresh" content="0; url=http://www.example.com/" />

 

 

<script language="JavaScript" type="text/javascript">
location.href="example.php";
</script>

 

Redirect 301 / http://www.example.com/

 

 

<?php
header('HTTP/1.1 301 Moved Permanently');
header('Location: http://www.example.org/');
header('Connection: close');
exit();
?>

 

Tools::redirect('example.php');

[johnmoore84]

Hi Ambassadors, thank you for the link , will read through this now. The code you provided above, is there a certain file they would need to inject the code. My hosting company are looking into this as we speek. 

 

Thanks John

[endriu107]

It could be anywhere, at first start with header.tpl, it could be also some module hooking to header, you need to check your ftp.