thirty bees forum
  • 0

HELP! I am hacked!!!


Question

Posted

Hi all, for several weeks the number of orders has been rapidly dropping. I checked the ordering process and was shocked to see the payment options. Instead of the classical PayPal and bank transfer methods there is a strange payment method asking you to enter your credit data, see below. I guess this is a fake code :((( What should I do?

TB 1.1, the shop is now in maintenance mode.

 

image.thumb.png.2ef6141dc0aab47ce0d599798e206da6.png


  • 0
Posted
On 5/14/2023 at 8:57 PM, vsn said:

1. After restoring I am facing a folder / files server permission issue. They are somehow mixed. It is currently like this. Is this correct? Is there any way to fix them by a script?

@datakick can I just run the following script without any potential security issues?
sudo find . -type d -exec chmod 755 {} \;
sudo find . -type f -exec chmod 644 {} \;

  • 0
Posted

@datakick Strange things I noted:

1. [_PHP_ENCRYPTION_KEY_] was not in the settings.inc.php file (PHP Encryption library with the openssl extension (highest security) is used!) - I just added it manually

2. After renaming the admin directory, I have regenerated the .htaccess file in back office. But still the old admin directory name was used in the file! Then I just edited the admin folder name manually in the .htaccess file, but I guess it should be done automatically. TH 1.4.0 

  • 0
Posted
45 minutes ago, vsn said:

@datakick Strange things I noted:

1. [_PHP_ENCRYPTION_KEY_] was not in the settings.inc.php file (PHP Encryption library with the openssl extension (highest security) is used!) - I just added it manually

This key is generated during installation, or when you switch from Blowfish to PHP Encryption. At least that's how it works on bleeding edge. Anyway, creating this manually works as well.

45 minutes ago, vsn said:

2. After renaming the admin directory, I have regenerated the .htaccess file in back office. But still the old admin directory name was used in the file! Then I just edited the admin folder name manually in the .htaccess file, but I guess it should be done automatically. TH 1.4.0 

Thirty bees does not add anything related to admin directory to .htaccess file. This might be your own manual addition, or entry by some module.

  • 0
Posted
On 5/15/2023 at 9:25 PM, vsn said:

@datakick can I just run the following script without any potential security issues?
sudo find . -type d -exec chmod 755 {} \;
sudo find . -type f -exec chmod 644 {} \;

Nobody? 😞

It is about folder and file permissions on a server...

  • 0
Posted
sudo find . -type d -exec chmod 755 {} \;
sudo find . -type f -exec chmod 644 {} \;

This changes permissions of all directories and files to be readable and writeable by owner, and read-only to others.

It will work properly as long as all files are owned by your php server user, as it needs write permissions. 
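
The ownership condition in the answer above can be checked before the two commands are run. The following is an added example, not part of the original post: a small shell audit that lists entries not owned by the PHP user and entries writable by everyone, then applies the same 755/644 scheme. The function names, and the web root and user passed as arguments, are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit a shop tree around the
# 755/644 reset discussed above.
# Assumptions: $1 is the shop's web root, $2 is the user PHP runs as
# (a user name or a numeric uid).

# List everything under the web root that is NOT owned by the PHP user.
# With 755/644 only the owner can write, so PHP cannot write these paths.
audit_owner() {
    find "$1" ! -user "$2" -print
}

# List files and directories that any account on the server can write to.
# Symlinks are excluded because their own mode bits are not meaningful.
audit_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Apply the scheme from the thread: directories 755, regular files 644.
# find does not follow symlinks by default, so chmod never reaches a
# target outside the tree through a link.
normalise_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Stand-alone use: sh audit.sh /path/to/shop phpuser
# Review the two reports before the permissions are changed.
if [ "$#" -eq 2 ]; then
    echo "== not owned by $2 =="
    audit_owner "$1" "$2"
    echo "== world-writable =="
    audit_world_writable "$1"
    printf 'Apply 755/644 to %s? [y/N] ' "$1"
    read -r answer
    [ "$answer" = "y" ] && normalise_perms "$1"
fi
```

Anything reported by `audit_owner` needs its ownership corrected first; otherwise the shop loses write access to those paths once 755/644 is applied.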

  • 0
Posted
On 5/10/2023 at 10:49 PM, vsn said:

Hi all, for several weeks the number of orders has been rapidly dropping. I checked the ordering process and was shocked to see the payment options. Instead of the classical PayPal and bank transfer methods there is a strange payment method asking you to enter your credit data, see below. I guess this is a fake code :((( What should I do?

TB 1.1, the shop is now in maintenance mode.

 

image.thumb.png.2ef6141dc0aab47ce0d599798e206da6.png

I got a PrestaShop 1.6.1.24 (now it seems cleaned) with the same problem, blm issue right?

@vsn can you list the modules you are using with this thirtybees?

Maybe if it's not a ps/tb code problem we can match the unsecure module.

@for all

or do you know for sure that it is the infamous "2022 code injection" issue and has nothing to do with ps/tb code?
