I Have been Hacked! what to do?

[noott123]

Hi there guys,

 

I got an email from my host yesterday saying,

 

"I have checked and I can see that the account has been suspended because of compromised files .

 

We recommend you to make a complete audit of your account and remove the content and reinstall the entire site from scratch from a clean source .Further , please ensure that the passwords for control panel , ftp and email are set to complex so that there is no back door entry ."

 

I have been hacked before, all i did then was go through my site and remove some script from the top of all my pages. but this time there is no script that looks like it shouldn't be there.

 

I have tried using my back up but alas this too seem corrupt. Really I'm asking what are my options.

 

Could I install a fresh and up to date oscommerce and then just link my database and upload my pictures?

 

Any advice would be much appreciated.

 

James

[BryceJr]

Could I install a fresh and up to date oscommerce...

Yes. Download oscommerce 2.3.1>>here.

 

...and then just link my database

No. This will take a little bit of work. Click >>here.

 

...and upload my pictures?

Yes.

[♥14steve14]

Dependant on how modified your store was you can install 2.3.1. You will have to manually transfer certian areas of the database, then add all the contributions that were installed in your old store.

 

When you tried to add your backup files to your hosts, did you completely delete all the files from the hosts first. An infected file may have still been on your hosts.

[♥geoffreywalton]

Just removing the script from the top of the pages is not enough. You have to identify how they got in originally and block that route as well.

 

Some detailed advice on how to do this is in my profile.

 

HTH

 

G

[KeySoft]

Hey noott123, You could check your "Store Name" to make sure they haven't inserted a java script there.

From the Admin side choose "My Store" under Configuration to check.