Prestashop have been hacked

[Wan Hanif]

This file have been hacked. What i need to do to recover my website?

 

FILE HIT LIST:
{HEX}gzbase64.inject.unclassed.15 : /home/customf1/public_html/controllers/front/html.php
{HEX}base64.inject.unclassed.7 : /home/customf1/public_html/classes/helper/..../upil.php.php
{YARA}AJAX_FileUpload_webshell : /home/customf1/public_html/lama/psadmin/ajaxfilemanager/jscripts/ajaxfilemanager_c.js
{YARA}eval_post : /home/customf1/public_html/tools/readmes.php
{HEX}base64.inject.unclassed.7 : /home/customf1/public_html/banner.php
{YARA}md5_3ccdd51fe616c08daafd601589182d38 : /home/customf1/public_html/modules/blockfacebook/index.php
{HEX}php.cmdshell.c99.228 : /home/customf1/public_html/modules/homepageadvertise2/slides/hous-1-2-3.php
{HEX}php.cmdshell.c99.228 : /home/customf1/public_html/modules/homepageadvertise2/slides/hous-1.php
{HEX}php.cmdshell.c99.228 : /home/customf1/public_html/modules/homepageadvertise2/slides/hous-1-2-3-4-5.php
{HEX}php.generic.uploader.449 : /home/customf1/public_html/modules/homepageadvertise2/slides/upil-1-2-3-4.php
{HEX}base64.inject.unclassed.7 : /home/customf1/public_html/modules/homepageadvertise2/slides/upil.php
{HEX}php.cmdshell.c99.228 : /home/customf1/public_html/modules/homepageadvertise2/slides/hous-1-2-3-4-5-6-7.php
{HEX}php.cmdshell.c99.228 : /home/customf1/public_html/modules/homepageadvertise2/slides/hous-1-2.php
{HEX}php.cmdshell.c99.228 : /home/customf1/public_html/modules/homepageadvertise2/slides/hous-1-2-3-4-5-6.php
{HEX}base64.inject.unclassed.7 : /home/customf1/public_html/modules/homepageadvertise2/slides/upil-1-2.php
{HEX}base64.inject.unclassed.7 : /home/customf1/public_html/modules/homepageadvertise2/slides/upil-1.php

[selectshop.at]

Which Prestashop version ?

Seems your extra modules in use are having a security issue. Homepageadvertise is not a part of Prestashop core. Perhaps you are using a theme which have this module included. In this case you should ask for support of themedeveloper (or module developer).

For to recover your site you need to have a back-up of your FTP. If you don't have a recent back-up of it, ask your provider if he can recover the ftp for you.  Simply upload to ftp all folders and files again, by replacing the one you are having now. Furthermore you need to close the security lack on the module homepageadvertise.

These files you should delete, as they are not part of Prestashop core and added by hacker:

/controllers/front/html.php

/classes/helper/..../upil.php.php

/lama/psadmin/ajaxfilemanager/jscripts/ajaxfilemanager_c.js

/tools/readmes.php

/banner.php

/modules/blockfacebook/index.php