Do you use OpenCart to take payments for your website? Have you come across instances of hacking resulting in dubious things (read: Spam) being sent to your customers without your permission? Read on to find out how to solve this.
As I sat there up in my ivory tower, looking down upon the rest of the internet and observing the lights flickering as activity registers across the globe, I felt a warm sense of ease. Okay, I am sat on my sofa typing this for your eyes only. This time I am going to focus on how to fix an OpenCart site that has been hacked and is now sending unsolicited mail to your address book or website users.
OpenCart is a fantastic tool, an open-source shopping cart or e-commerce online management system. Like the other management systems I write about (WordPress, Drupal and Magento), it is PHP-based and uses a MySQL database. This, combined with its popularity, results in many attempts by hackers to compromise and manipulate websites to send out unsolicited mail, redirect customers to other websites, or even steal data through phishing tools inserted via code (SQL injection). A server infection/phishing attack does not usually affect your site’s usability, but it does often use a code injection to store user information in a secret folder. The hacker’s aim is to acquire as much of your data as possible for their own uses. They can then use this data to send mass spam to all of your users.
But what if you have been notified by customers of issues trying to complete a transaction on your OpenCart site and reporting strange behaviour? This issue is never a good thing… it’s one that can be beyond damaging to not only the trust your customers have in you, but a lingering stain on your company’s name. Like a particularly vicious fart.
I was reading of an issue a customer had with a business’s OpenCart site, whereby they could not make any payments through PayPal. The business made a ‘mock transaction’ to replicate this issue, and found that they had indeed been compromised by a hacking attack. Upon further investigation the business user found that the hacker had used an exploit within a plugin to extract data, change database variables and change the website permissions.
An issue like this won’t just go away. You need to check your OpenCart website’s files and folders and get to the bottom of it. You wouldn’t want your own company’s reputation to be sullied by some unruly bastard’s antics.
So, this time I am going to focus on how to respond in the instance of being hacked.
By making a copy of your OpenCart website as well as the database, you are keeping track of the changes the hacker made. This is an evidential process that allows you to forensically analyse the compromised version of your website and see where the vulnerabilities lie, as well as where the hacker may have changed aspects of your OpenCart website’s database.
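One way to use that copy, as an added example that is not part of the original post: hash every file in the compromised snapshot and in a known-good backup, then list what was added, modified or removed. It assumes you have such a backup and GNU `sha256sum`; the directory and file names are constructed.

```bash
#!/usr/bin/env bash
# Added example: diff a known-good backup against the copy taken of the
# hacked site. All paths and file names here are constructed.

# manifest DIR: print "<sha256>  ./relative/path" for every regular file.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + )
}

# changed_files CLEAN_DIR SNAPSHOT_DIR: one line per difference.
#   ADDED    = only in the snapshot (e.g. a script that was dropped there)
#   MODIFIED = content hash differs from the clean copy
#   REMOVED  = only in the clean copy
changed_files() {
    local clean snap
    clean=$(mktemp); snap=$(mktemp)
    manifest "$1" > "$clean"
    manifest "$2" > "$snap"
    awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1]  { good[path] = hash; next }
        { seen[path] = 1 }
        !(path in good)      { print "ADDED    " path; next }
        good[path] != hash   { print "MODIFIED " path }
        END { for (p in good) if (!(p in seen)) print "REMOVED  " p }
    ' "$clean" "$snap" | sort -k2
    rm -f "$clean" "$snap"
}

# demo: build two small constructed trees and compare them.
demo() {
    local root; root=$(mktemp -d)
    mkdir -p "$root/clean/catalog" "$root/hacked/catalog" "$root/hacked/image/cache"
    echo '<?php // front controller' > "$root/clean/index.php"
    echo '<?php // front controller' > "$root/hacked/index.php"
    echo '<?php // checkout'         > "$root/clean/catalog/checkout.php"
    echo '<?php // checkout + extra' > "$root/hacked/catalog/checkout.php"
    echo '<?php // unknown script'   > "$root/hacked/image/cache/x.php"
    echo 'notes'                     > "$root/clean/readme.txt"
    changed_files "$root/clean" "$root/hacked"
    rm -rf "$root"
}
```

Run `changed_files /path/to/clean-backup /path/to/hacked-copy` against your own directories; every ADDED or MODIFIED line is a file to inspect before you restore.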
Speak to your OpenCart web host about the issues you have had.
Following this, you can now roll back your website to an earlier version from before the website was hacked. Log in to your cPanel and check the users/admins. Delete all of the ones you do not recognise and remove the privileges that they should not have.
Ensure your plugins are all updated and supported frequently. This is something many people overlook, and it was the cause of the issue I mentioned above: the problem there was an infrequently updated PayPal plugin that created an exploitable hole, allowing an SQL code injection that circumvented the security measures in place on that person’s OpenCart.
Once you have installed OpenCart, you do not need this nor its installation files. It can be exploited, so just get rid of it. Simple.
Quite often people will leave the file permissions on their database as standard, and the defaults can be easily googled. For example, by default all files have the permission level 644. Change these to 444 to further restrict the files from being changed by anyone but you.
The ones to change are:
These are the main files a hacker will try and change by utilising an SQL code injection.
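The 644 to 444 change described above, as an added example that is not part of the original post: a function that sets the files you pass it to 444 and verifies that no write bit remains. It assumes GNU `stat` and `find`; the file names in the demo are constructed placeholders, not the post's list.

```bash
#!/usr/bin/env bash
# Added example: set the files you name to 444 and confirm no write bit
# is left. The file names in demo_lock are constructed placeholders.

# lock_files FILE...: prints "<old> -> <new> <path>" per file and
# returns non-zero if any file is missing, a symlink, or still writable.
lock_files() {
    local f old new rc=0
    for f in "$@"; do
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "SKIP (missing or symlink) $f"; rc=1; continue
        fi
        old=$(stat -c '%a' "$f")          # GNU stat; octal mode, e.g. 644
        chmod 444 "$f"
        new=$(stat -c '%a' "$f")
        echo "$old -> $new $f"
        # -perm /222 matches if any owner/group/other write bit is set
        [ -z "$(find "$f" -prune -perm /222)" ] || rc=1
    done
    return "$rc"
}

# demo_lock: constructed files at 644 and 666, plus one missing name.
demo_lock() {
    local d; d=$(mktemp -d)
    echo '<?php // settings' > "$d/config.php"; chmod 644 "$d/config.php"
    echo '<?php // entry'    > "$d/index.php";  chmod 666 "$d/index.php"
    ( cd "$d" && lock_files config.php index.php not-there.php ) \
        || echo "exit=$?"
    rm -rf "$d"
}
```

A file left at 444 has to be made writable again (for example back to 644) before an upgrade or settings change that rewrites it.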
There are loads of ‘trawler bots’ that trawl the internet (cue my naming convention, smart eh) looking for pages that signify your use of OpenCart in order to attack them. One of the things they do is check “www.yourwebsite.com/admin”. Renaming this page stops the bots or even hackers from being able to find the page and attack it.
This is something I continually go on about, but it is only because it is so gosh darn important. If your OpenCart website has been hacked, adjust the permissions and change all passwords that could have been compromised. If an attack is successful, I would always recommend changing these just in case. It doesn’t leave any doors of opportunity open then.
You can install plugins that monitor the number of login attempts on your admin page. Monitoring the activity is important as you can not only get an overview of who is logging in, but also what they are doing and if they have admin permissions, what they may be changing.
If you have been hacked, you need to do all of the above and also take steps to prevent this happening again. You will also need to perform a website scan and see exactly where you have been compromised, or even where there is potential to be exploited. This is where we Moonwalk in like the smoothest of criminals and provide you with the means to be safer going forward.
It is always shite being on the wrong end of a hack, it makes you feel crap, affects trust in your product and impacts your business. So follow these steps, reduce the overall impact and give the hacker the middle finger as you harden your OpenCart website.