Your website site isn’t behaving as it was some time ago or something is strange for you? But how do you know that problem is due to a hacked attack? Let’s take a look at some of the signs telling that your site has been hacked.
- You can’t log in to your CS-Cart or Multi-Vendor admin panel;
- You have received a notification from Cloud or VPS hosting team about some security issues or risks:
- Your hosting provider has warned you about the unusual activity of your project;
- Your domain/website is redirecting to another site;
- Your website has been changed without your or your team actions (for example, a block was placed on the homepage or new posts were added to your website blog);
- When you or other users are trying to access your store, you get a warning in a browser;
- When you search for your store, Google gives a warning that it may have been hacked.
Let’s take a look at each of these points in more detail to understand what is happening and what we should do.
You can’t log in to your CS-Cart or Multi-Vendor admin panel
If you can’t log in to your admin panel, it might be a sign that your store has been hacked. However, it’s more likely that you have just forgotten your password 🙂
Before, you assume that you’ve been hacked, try resetting the password to your email address. If you can’t, that’s a warning. Hackers sometimes remove users or change user email addresses and passwords to prevent real admins from accessing the website and keep on making their criminal activities. If you’re unable to reset your password, your user account could have been deleted or deactivated, which is a sign of hacking.
You have received a notification from Cloud or VPS hosting team about some security issues or risks
Your domain/website is redirecting to another site
Sometimes, hackers add a javascript that redirects your customers to another site when they visit yours. This will probably be a site you don’t want your users to be taken to, for example, ads/phishing, or it can be your competitor.
It once happened, for example, when a university website my friend managed was redirecting to a dating site. As you can imagine, he wasn’t pleased with that situation and asked me to drop everything else I was doing and fix it straight away.
It turned out that it was security misconfiguration on their server with outdated software, not on the website, which is one reason only to use quality hosting. I helped them change the hosting provider as soon as possible, correctly configure their webserver, and fixed the hack almost immediately.
Browser warnings
If your browser is warning that your site is compromised, it could be a sign that your project has been hacked or compromised. It could also be due to some code in a theme or plugin that you need to remove, or an issue with domains or SSL.
Read carefully messages given with the warning in your browser to help you diagnose the root cause of the problem. In case you don’t understand or need help with it, don’t hesitate to contact us to get help!
Search Engine warnings or notices from Google Search Console
When you search for your site after it has been compromised or hacked, Google and Yandex may display you a warning. Also, you can see this message on the “Google Search Console.” Read more.
That means that the store has been hacked, and this incident starts affecting the search engine results. If so, you need to investigate what happened immediately. Our hosting team has a dedicated information security specialist who can help you with detecting the way of compromising and fix it.
Why CS-Cart/Multi-Vendor projects get hacked
Insecure passwords and common names for admin panels
These are some of the most frequent causes of hacking. The most commonly used password in the world is “password” or “qwerty” and URL for admin panels like “secureadmin.php” 🙁 Check your password with this password checking tool https://haveibeenpwned.com/Passwords, for example.
Secure passwords are necessary not just for your admin account, but for all your users and all aspects of your project including SSH/sFTP (we recommend using SSH-keys with extra keyphrase).
Out of date software
Plugins and themes, as well as CS-Cart and Multi-Vendor core itself, are subject to security updates that need to be applied to your site. If you don’t keep your themes, plugins, and version of CS-Cart up to date, you’re making your site vulnerable. Think about upgrading.
From the server-side, our Hosting solution continuously updates server software and implement security patches in 3h after there was published at any time day or night. In case of any security patch or service pack about security for CS-Cart and Multi-Vendor, we implement it immediately with close communication on CS-Cart architecture and support teams.
Forgotten files and sensitive information disclosure
Unfortunately, sometimes you or your development team make development/testing something on the production websites. We know it 😉
Restrictions on what authenticated users are allowed to do are often not properly enforced. Attackers can exploit these flaws to access unauthorized functionality and/or data, such as access to other users’ accounts, view sensitive files, “sph” files, modify other users’ data, change access rights, etc. A2:2017-Broken Authentication, A5:2017-Broken Access Control.
phpinfo.php, info.php, test.php, log.txt, error_log, etc.
config.local.php.{save,bck,log,lol,old}, backup.zip, old_store/, new_store, etc.
sph{1,2,3,4,l,lite}.php, admin.php, adminer.php, etc.
Instead of “adminer.php
” script we highly recommend using the secure installation of PHPMyAdmin.
Insecure сode
Plugins and themes that aren’t from reputable resources could be introducing vulnerabilities to your site or affect performance. If you need free themes and plugins, install them from the official CS-Cart marketplace. When buying premium themes and plugins from developers, be sure to check the vendor’s reputation.
Never install nulled or cracked plugins, which are versions of premium plugins from free sites/forums, designed to cause harm, or collect sensitive information.
What’s more?
Read more about security recommendations here or subscribe to our newsletters!