Site possibly hacked?

[acstudios]

Hey guys, my client had recently noticed that he was no longer receiving quote requests (Site is running as a catalog) a few weeks ago. He hadn't thought that much of it other than his traffic was down. Last time I had upgraded some modules on his site I noticed there was a suspicious file (can't remember the name) but I think it got in through the upload system originally disguised as a picture.

 

Anyways, all Email stopped from the cart at this time, and when we tried to log in last night it gave us errors. I took backups of the site from last night as well as at the beginning of June. I then went into phpmyadmin and reset the pass to the default admin pass. This didnt work, so I then tried deleting it from sql and using the tool to create a new administrator. Also no luck with this method so I restored all of the files from the beginning of June and tried the process several ways with no luck.

 

Has anyone experienced anything like this? or could someone possibly help out with some suggestions, I would be very appreciative!

 

Thanks in advance!

[shadow007]

website url or screenshot of all errors?

[acstudios]

www.usbdirect.ca

[Mort-lemur]

I dont think the basic security fixes have been installed, for instance you havent changed the name of your admin folder.

 

So I would suggest wiping the site. Installing the fixes on a clean backup then re-installing.

 

Thanks

[acstudios]

Is there somewhere that lists the basic procedure of the security fixes? Also I don't know that I have a clean backup. Is getting back into the admin impossible at this point?

[burt]

Fix your site which has been hacked.

Lock it down so future hacks will be unsuccessful.

There is a security thread which you can follow.

 

Inform Google (via webmaster tools) that your site is now cleansed (if necessary, have you checked your search results in Google?).

 

There are commercial services available to deal with this for you, search Google.