Jump to content
thirty bees forum
  • 0

HELP! I am hacked!!!

vsn

Asked by vsn,

 Share

Question

vsn Rookie

vsn

Posted
Posted

Hi all, since several weeks the number of orders have been repidly dropping. I checked the ordering process and was shocked to see the payment options. Instead of classical paypal and bank transfer methods there is strange payment method asking you to enter your credit data, see below. I guess this is a fake code :((( What should I do? 

TB 1.1, the shop is now in the maintanence mode.

 

image.thumb.png.2ef6141dc0aab47ce0d599798e206da6.png

Link to comment
Share on other sites

31 answers to this question

Recommended Posts

  • 0
vsn Rookie

vsn

Posted
  • Author
Posted
On 5/14/2023 at 8:57 PM, vsn said:

1. After restoring I am facing a folder / files server permission issue. Theay are somehow mixed. It is currently like this. Is this correct? Is there any way to fixed them by a script?

@datakickcan I just run the following script without any potential security issues? sudo find . -type d -exec chmod 755 {} \; sudo find . -type f -exec chmod 644 {} \;

Link to comment
Share on other sites
  • 0
vsn Rookie

vsn

Posted
  • Author
Posted

@datakickStrange things I noted:

1. [_PHP_ENCRYPTION_KEY_] was not in the settings.inc.php file (PHP Encryption library with the openssl extension (highest security) is used!) - I just added it manually

2. After renaming the admin directory, I have regenerated the .htaccess file in back office. But still the old admin directory name was used in the file! Then I just edited the admin folder name manually in the .htaccess file, but I guess it should be done automatically. TH 1.4.0 

Link to comment
Share on other sites
  • 0
datakick Experienced

datakick

Posted
Posted
45 minutes ago, vsn said:

@datakickStrange things I noted:

1. [_PHP_ENCRYPTION_KEY_] was not in the settings.inc.php file (PHP Encryption library with the openssl extension (highest security) is used!) - I just added it manually

This key is generated during installation, or when you switch from Blowfish to PHP Encryption. At least that's how it works on bleeding edge. Anyway, creating this manually works as well.

45 minutes ago, vsn said:

2. After renaming the admin directory, I have regenerated the .htaccess file in back office. But still the old admin directory name was used in the file! Then I just edited the admin folder name manually in the .htaccess file, but I guess it should be done automatically. TH 1.4.0 

Thirty bees does not add anything related to admin directory to .htaccess file. This might be your own manual addition, or entry by some module.

Link to comment
Share on other sites
  • 0
vsn Rookie

vsn

Posted
  • Author
Posted
On 5/15/2023 at 9:25 PM, vsn said:

@datakickcan I just run the following script without any potential security issues? sudo find . -type d -exec chmod 755 {} \; sudo find . -type f -exec chmod 644 {} \;

Nobody? 😞

It is about folder and file permissions on a server...

Link to comment
Share on other sites
  • 0
datakick Experienced

datakick

Posted
Posted 
sudo find . -type d -exec chmod 755 {} \;
sudo find . -type f -exec chmod 644 {} \;

This changes permissions of all directories and files to be readable and writeable by owner, and read-only to others.

It will work properly as long as all files are owned by your php server user, as it needs write permissions. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to question listing
×
×
  • Create New...