Jump to content
thirty bees forum
  • 0

malware


Pietroalberto

Question

Hi, I had my domain suspended for malware, this is the report:

FILES INFECTED IN YOUR HOSTING ACCOUNT:
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
/home/cantina/public_html/themes/niara/header.tpl
SMW-INJ-27348-js.spam.polyfill-3 Infected
/home/cantina/public_html/themes/community-theme-default/header.tpl
SMW-INJ-CLOUDAV-js.spam-27295-5 Infected
/home/pcb/public_html/themes/berto/header.tpl
SMW-INJ-27348-js.spam.polyfill-3 Infected
/home/pcb/public_html/themes/niara/header.tpl
SMW-INJ-27348-js.spam.polyfill-3 Infected
/home/pcb/public_html/themes/community-theme-default/header.tpl
SMW-INJ-CLOUDAV-js.spam-27295-5 Infected
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~

I replaced the reported file, taken from the backup and updated the theme from the core updater.
Do you have any advice on how to search for malware and prevent it or useful information
Thanks

Link to comment
Share on other sites

1 answer to this question

Recommended Posts

  • 0

This polifill was flagged as malware by everybody because the domain that served it was overtaken by some hackers and they used it to distribute junk. There is no records that it was abused on any thirty bees / prestashop shops

The both thirty bees themes were updated right after this was disclosed.

No need to scan for anything. If you have some tool build into your hosting - you can use it. Otherwise don't worry.

In order to be on schedule with thirty bees' development you can track code changes here: https://github.com/thirtybees
You can also help develop the platform by submitting issues or enhancement ideas here: https://github.com/thirtybees/thirtybees/issues

As you can see in GitHub the development is active and many bugs are fixed, many new features are active. I would suggest if you want your shop to be in best shape switch and update to edge (also for your community themes). 

Cheers!

EDIT: Just saw that you replaced header.tpl form a backup - this will not solve your issue. This code was part of the theme for very long time, before the domain was overtaken by those Chinese hackers. Its usage was normal and it had purpose on very old IEs.

You have to modify the file as described in the link above - just delete the lines in red.

  • Thanks 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...