Opencart site hacked – my experience as a web developer


Hi,

Last week one of my clients called and informed me that his site had been hacked. He asked me what to do next. But before I started analyzing the site, he told me not to do anything. Why? Because he had asked the hosting provider to provide the files and database from their backup. A day later my client called and told me, "The hosting provider does not have any backup, and you just need to fix the issue."

For a web developer, fixing a hacked site is like doing new experiments on it. As I have a lot of insight into OpenCart, I started analyzing the hacked site. I observed that the hacker had changed the header files and the JavaScript paths, so I replaced the header files and JavaScript files from my backup and retested the site, but it still did not work for me. Afterwards I started comparing the PHP files and template files against my backup, but in the end I found that no change had been made in the code.

After this experiment I planned to take a tea break and then started analyzing the database. While analyzing the database I found an interesting entry in the oc_setting table. The value entered for the "google_analytics" code was

<DIV ALIGN="CENTER" STYLE="margin-top:10px;position:fixed;background-color:red;color:white;z-index:10;">
<br/>
<H2>
YOUR SITE IS HACKED.HA HA HA
</H2>
</DIV>

You may refer to some of the database screenshots below.

Screenshot 1

[Screenshot: opencart_database-1]

Screenshot 2

[Screenshot: opencart_database-2]

The OpenCart front end looked like this:

[Screenshot: opencart_front_page]

Admin panel screenshot:

[Screenshot: opencart-admin-panel]

So I immediately deleted the Google Analytics code from the admin panel and disabled this option.

And the site worked fine.

I had made a big mistake: I had kept a very simple password for the admin user. The hacker used that simple, easy-to-guess password and made the entry in Google Analytics.
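The change here lived in the oc_setting table rather than in any PHP or template file, which is why the file comparison against backup came up clean. The following Python is an added example, not part of the original post: it compares setting rows from a backup with the live rows and flags values that contain HTML other than script tags. The `(key, value)` row shape, the `config_name` sample key and the `EXPECTED_TAGS` allow-list are assumptions, and the sample rows are constructed.

```python
from html.parser import HTMLParser

# Assumption: a pasted analytics snippet should only contain these tags.
EXPECTED_TAGS = {"script", "noscript"}


class _TagCollector(HTMLParser):
    """Collects the names of all start tags seen (HTMLParser lowercases them)."""

    def __init__(self):
        super().__init__()
        self.tags = set()

    def handle_starttag(self, tag, attrs):
        self.tags.add(tag)


def unexpected_tags(value):
    """Return the HTML tags in a setting value that are not in EXPECTED_TAGS."""
    collector = _TagCollector()
    collector.feed(value)
    collector.close()
    return sorted(collector.tags - EXPECTED_TAGS)


def audit_settings(backup_rows, live_rows):
    """Compare (key, value) rows from a backup with the live table.

    Returns a list of (key, reason) findings for review.
    """
    backup = dict(backup_rows)
    findings = []
    for key, value in live_rows:
        if key not in backup:
            findings.append((key, "new key not in backup"))
        elif backup[key] != value:
            findings.append((key, "value differs from backup"))
        tags = unexpected_tags(value)
        if tags:
            findings.append((key, "contains markup: " + ", ".join(tags)))
    return findings


# Constructed sample rows standing in for a backup and the live oc_setting table.
BACKUP = [("config_name", "My Store"), ("google_analytics", "")]
LIVE = [("config_name", "My Store"),
        ("google_analytics", '<DIV ALIGN="CENTER" STYLE="position:fixed;">'
                             "<br/><H2>YOUR SITE IS HACKED.HA HA HA</H2></DIV>")]

if __name__ == "__main__":
    for key, reason in audit_settings(BACKUP, LIVE):
        print(f"{key}: {reason}")
```

A value made up only of script tags passes the markup check, so the comparison against backup is what catches a swapped analytics snippet.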

So what precautions have I taken to stop such issues happening again?

  1. Changed the admin password and made it long and complex.
  2. Secured the admin folder/directory using an .htaccess file, so when the admin wants to access the admin panel it will ask for a password in a popup, as below.

[Screenshot: admin popup]

Afterwards the admin will have access to the login screen, from where he may log in to the OpenCart admin panel.

Hope this blog post will help you when you get into trouble.

Good Day,

Jagruti
