ufodepot (Posted October 17, 2010)

Someone hacked into my site and I want to restore from an old backup, but there have been new customers and orders since the hack. Which files have the customers and orders in them? Can I just restore the old backup and just replace the customers & orders files with the current ones? Is there any way to stop people from hacking into my website?

Look at my website http://www.ufoexpo.com. They added the elumeinc.com at the bottom. I never signed up or heard of this company. Does anyone know who they are or anything about them?

Guest (Posted October 17, 2010)

Hope,

NO files contain customer information, they are stored in the database.

You can restore your .php files using known CLEAN copies and still maintain your database information. This assumes your hacker did not gain access to your database.

Edit: once you clean your files, read these threads: Secure Your Site and Admin Security

Chris

germ (Posted October 17, 2010)

Known hack files in the catalog folder: goog1e174a7f25252545.php goog1e1b5eadb69dd0a2.php goog1e2ea1c620216961.php goog1e2ea5b17b4c1da5.php goog1e3511c291b8b74f.php goog1e458d765eb63836.php goog1e541947f4bd068.php goog1e57755f2b59431b.php goog1eaca71acf809c8c.php goog1ead67cf658845be.php google57755f2b59431b.php

There are probably similarly named files in the images folder.

And there are more "suspicious" looking files with unfamiliar names in the catalog folder that are either trojan uploaders or cmd shells.

How to Secure Your Site

Pay close attention to "SECURING THE ADMIN" - Yours is vulnerable.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me -

ufodepot (Posted October 18, 2010)

Thanks Chris,

I do have Site Monitor installed on my website. But it never notified me. Where do I find the database? Does it also have the information on all the orders and customer login creations? Can I just take it and copy it over to my older backup?

Thanks for your Help.

Hope

ufodepot (Posted October 18, 2010)

Thanks Germ,

Yes I saw lots of those kinds of files and many more. They even added a blog file next to the catalog file. What a mess they created. Where is the database file? Does it contain the customers, their logins and orders? Can I copy it over to my older backup and use it? There have been orders and new customers since my last backup.

Thanks,

Hope

germ (Posted October 18, 2010)

SiteMonitor Log Entry for December 29, 2009, 1:38 pm
No mismatches found

Until tonight you hadn't used sitemonitor in almost a year. It can't be a useful tool if you don't use it regularly :blush:

ufodepot (Posted October 18, 2010)

Hi Chris,

What do you mean? I thought it ran on its own once it was set up and just notified me when someone else logged in. How do I use it? What am I supposed to do with it?

Thanks,

Hope

Guest (Posted October 18, 2010)

Hope,

It appears you have not been pro-active in maintaining your site. Site Monitor can be run as a CRON Job but you need to set it up that way. Otherwise, it is a manual function.

I suggest you take down your site, clean it... secure it and then upload it again. This will be time consuming but it is the best way to accomplish the task efficiently.

Chris

ufodepot (Posted October 18, 2010)

Hello Chris,

I downloaded my website. I would love to clean it up, but I haven't a clue how to do that. That is why I was hoping I could just take the customers and orders from my current website and put them into an older clean backup I have. Can that be done?

I haven't a clue what CRON is either. I looked and I have an older version of SiteMonitor 1.9 and they are now up to 2.6. Can I just update it or do I have to remove the 1.9 then install the 2.6? How do I set up CRON?

I appreciate your help. I am not a computer wiz with this stuff and usually need explicit instructions.

Thanks,

Hope

ufodepot (Posted October 18, 2010)

In cleaning up my site can I just delete files that were added by the hacker or will that hurt my website?

Thanks,

Hope

Guest (Posted October 18, 2010)

Hope,

If you have an older, clean version of your files... UPLOAD THEM. The database will remain the same (as long as no new contributions were added/removed between the old files and the current files).

I answered your Site Monitor question in the other post.

Chris

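Added example, not part of the thread and not SiteMonitor's code: a comparison of a known-clean copy of the site against the live tree, reporting files that were added, modified or removed, plus file names shaped like the ones germ listed. The function names, directory layout and sample files are constructed for illustration, the filename pattern is generalised from the names in the thread, and the clean copy is assumed to be trustworthy.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumption: pattern generalised from the file names listed in the thread
# ("goog1e..." / "google..." followed by hex digits, with a .php extension).
LOOKALIKE = re.compile(r"^goog(?:le|1e)[0-9a-f]+\.php$", re.IGNORECASE)

def digest_tree(root):
    """Map each relative file path under root to its SHA-256 hex digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare(clean_root, live_root):
    """Report how the live tree differs from the known-clean baseline."""
    clean, live = digest_tree(clean_root), digest_tree(live_root)
    return {
        "added": sorted(set(live) - set(clean)),
        "modified": sorted(f for f in clean.keys() & live.keys()
                           if clean[f] != live[f]),
        "missing": sorted(set(clean) - set(live)),
        "lookalike": sorted(f for f in live if LOOKALIKE.match(Path(f).name)),
    }

def demo():
    """Build a constructed clean/live pair in a temp dir and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            (root / "catalog" / "images").mkdir(parents=True)
            (root / "catalog" / "index.php").write_text("<?php // storefront\n")
            (root / "catalog" / "login.php").write_text("<?php // login\n")
        # Constructed tampering: one edited file, two new files, one deletion.
        (live / "catalog" / "index.php").write_text("<?php // footer changed\n")
        (live / "catalog" / "goog1e0000000000000000.php").write_text("<?php\n")
        (live / "catalog" / "images" / "x.php").write_text("<?php\n")
        (live / "catalog" / "login.php").unlink()
        return compare(clean, live)

if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind:10} {files}")
```

Files under "added" are candidates for removal, and files under "modified" or "missing" are the ones to restore from the clean copy; the database is not covered by a file comparison.
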
germ (Posted October 18, 2010)

There's a trojan in your backup and your admin is still a wide open door for anyone to hack you up again... :o

burt (Posted October 18, 2010)

If you do not feel confident, then spend money on getting professional help to cleanse and lockdown your site.

As of right now, it is a matter of WHEN you get hacked again, not IF.