Post by crissyb » Mon Oct 03, 2022 8:01 pm

Hi,

I've been hacked before and was able to search the files in the database and clear everything up.

two years on I've been attacked again this time I'm finding it hard to locate anything

this is the page it takes random customers to an AD page, it's clever as if you have accessed the website before it won't divert you.

Version 3.0.3.2 does anyone have any helpful tips on locating? I'm running a virus on my server now, I have ninja already on


<!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_WW3rU/KgjfyyHe74LOMv6JwkrjuyFBtrfo6XiW1SH1REkf6yEWKy09pnNXpQAykvOdkJkcvmn/AINbn9qlJqaw=="><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="preconnect" href="https://www.google.com" crossorigin><link rel="dns-prefetch" href="https://parking.bodiscdn.com" crossorigin></head><body><div id="target" style='opacity: 0'></div><script>window.park = "eyJ1dWlkIjoiZTU2ODc3Y2ItNGViYS0wZGVlLTI2MDMtYjk2ZmU0MWQxM2MyIiwicGFnZV90aW1lIjoxNjY0Nzk3NDIxLCJwYWdlX3VybCI6Imh0dHA6XC9cL3d3ODIudWstcGVwdGllcy5jb21cLyIsInBhZ2VfbWV0aG9kIjoiR0VUIiwicGFnZV9yZXF1ZXN0IjpbXSwicGFnZV9oZWFkZXJzIjp7ImNvb2tpZSI6WyJfX2dzYXM9SUQ9OGI0MGE1NzQzYzgzMzdmMjpUPTE2NjQ3OTUyNjk6Uz1BTE5JX01ZZmFvdDFGSjd3bnNuRWZkdEJDNk9EOFFGc2ZBIl0sImFjY2VwdC1sYW5ndWFnZSI6WyJlbi1VUyxlbjtxPTAuOSJdLCJhY2NlcHQtZW5jb2RpbmciOlsiZ3ppcCwgZGVmbGF0ZSJdLCJhY2NlcHQiOlsidGV4dFwvaHRtbCxhcHBsaWNhdGlvblwveGh0bWwreG1sLGFwcGxpY2F0aW9uXC94bWw7cT0wLjksaW1hZ2VcL2F2aWYsaW1hZ2VcL3dlYnAsaW1hZ2VcL2FwbmcsKlwvKjtxPTAuOCxhcHBsaWNhdGlvblwvc2lnbmVkLWV4Y2hhbmdlO3Y9YjM7cT0wLjkiXSwidXNlci1hZ2VudCI6WyJNb3ppbGxhXC81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXRcLzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZVwvMTA2LjAuMC4wIFNhZmFyaVwvNTM3LjM2Il0sInVwZ3JhZGUtaW5zZWN1cmUtcmVxdWVzdHMiOlsiMSJdLCJkbnQiOlsiMSJdLCJjb25uZWN0aW9uIjpbImtlZXAtYWxpdmUiXSwiaG9zdCI6WyJ3dzgyLnVrLXBlcHRpZXMuY29tIl19LCJob3N0Ijoid3c4Mi51ay1wZXB0aWVzLmNvbSIsImlwIjoiODYuMTU5LjE1My4zIn0=";</script><script src="/js/parking.2.97.2.js"></script></body></html>

New member

Posts

Joined
Thu Jan 05, 2012 2:04 am
Location - Middlesbrough UK

Post by JNeuhoff » Mon Oct 03, 2022 8:13 pm

Simple: Compare all of your uploaded files with those of a standard OpenCart, there will be differences because your site is compromised. And change your passwords!

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig


User avatar
Guru Member

Posts

Joined
Wed Dec 05, 2007 3:38 am


Post by crissyb » Mon Oct 03, 2022 8:26 pm

It appears to be SQL related and not files

New member

Posts

Joined
Thu Jan 05, 2012 2:04 am
Location - Middlesbrough UK

Post by ADD Creative » Tue Oct 04, 2022 1:21 am

Using a database administration tool such as phpMyAdmin it's easy to search a whole database for certain text. If you search for parts of the injected code it may show up in one of your database tables.

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by johnp » Tue Oct 04, 2022 2:09 am

ADD Creative wrote:
Tue Oct 04, 2022 1:21 am
Using a database administration tool such as phpMyAdmin it's easy to search a whole database for certain text. If you search for parts of the injected code it may show up in one of your database tables.
+1. Go through all your database tables and remove anything that shouldn't be there. If you have Ninja on it must have either been there before you installed Ninja or you haven't set Ninja up correctly.

Opencart 1.5.6.5/OC Bootstrap Pro/VQMOD lover, user and geek.
Affordable Service £££ - Opencart Installs, Fixing, Development and Upgrades
Plus Ecommerce, Marketing, Mailing List Management and More
FREE Guidance and Advice at https://www.ecommerce-help.co.uk


User avatar
Active Member

Posts

Joined
Fri Mar 25, 2011 10:25 am
Location - Surrey, UK

Post by paulfeakins » Tue Oct 04, 2022 7:00 pm

It's very hard to find all traces of a hack so we recommend getastra.com.

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk


User avatar
Guru Member
Online

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - London Gatwick, United Kingdom
Who is online

Users browsing this forum: No registered users and 111 guests