Question: |
Good day!We have hacked the site izumka.com.ua. tell me, please, do you have a backup of the website at 13.07.15 and can you restore it?Thank you |
Answer: |
Hello. On a specified date only have the backup. Files are created once a week. To clarify the availability of the backup files? |
Question: |
Specify, please.thank you |
Answer: |
please Wait. |
Answer: |
Hello. there are backups and for 12 and 13 but it does not solve the problem. on what engine your website? now we will first check it for viruses. |
Answer: |
site verified. upon completion of check a report will be generated then we can rebuild the website TIZ backup based on the report, you will need to take action. perhaps the site has a critical vulnerability which need astriti. well, check if you have on the website weak passwords |
Question: |
The website on the engine, PrestaShop 1.6.1.15 a Vulnerability exists in the template. After recovery of the loans, \"patching up holes\".Thank you. |
Answer: |
there are \"holes\" the site is checked. this is not the first hacking site. |
Question: |
On the server a lot of files that are date-changes 13 Jul. So, to restore at least the 12th |
Question: |
And probably scan for viruses after recovery.. |
Answer: |
please Wait. |
Answer: |
here, look https://izumka.com.ua/AI-BOLIT-REPORT-__-298322-14-07-2016_05-50.html criticisms Vulnerabilities in scripts (3) /home/zatoleg/web/izumka.com.ua/public_html/0424/modules/revsliderprestashop/inc_php/framework/image_view.class.php - NI : REVSLIDER : http://www.exploit-db.com/exploits/35385/ /home/zatoleg/web/izumka.com.ua/public_html/0606/modules/revsliderprestashop/inc_php/framework/image_view.class.php - NI : REVSLIDER : http://www.exploit-db.com/exploits/35385/ /home/zatoleg/web/izumka.com.ua/public_html/modules/revsliderprestashop/inc_php/framework/image_view.class.php - NI : REVSLIDER : http://www.exploit-db.com/exploits/35385 |
Question: |
After restoring files with critical vulnerabilities will be removed (the modules are not used).I understand that I alone can not restore data from backup.Is it really so?Will You be able to check the site for vulnerabilities after recovery?Thank you. |
Answer: |
Yes, the apartments. in Your panel, login as the user, zaidie partition backup , select backup and swipe nony vosstanovlenie him. |
Question: |
Successfully completed the recovery from 12/7/16, phishing, however, the file still remained. I understand he`s been there before.Now (1.5 hours ago) put in recovery from 11/7/16. Tell me, please, how long to wait for recovery and how to know that the recovery is still in the job queue.Thank you. |
Answer: |
the website https://izumka.com.ua/ru/ works. alconet where you see a phishing site. |
Question: |
The phishing page was home/zatoleg/web/izumka.com.ua/public_html/config/xml/blog-ru.xml (removed manually). Its contents contained a text with reference to PayPal and was completely different from the original. |
Question: |
And backup for 11/7, as I understand it, already deleted and therefore, the rollback never happened. Right? |
Answer: |
Yes, in the 11th number of copies. |
Question: |
If you can, scan again, please vostanovleniju version of the site I-Bolita.Thank you. |
Answer: |
Site is checked |
Question: |
Thank you, waiting for.. |
Answer: |
ok
|
Answer: |
validation result izumka.com.ua/AI-BOLIT-REPORT-__-989525-14-07-2016_19-53.html |
Question: |
Thanks for checking.The attack continues.Tell me, please, is there any chance that the hacked server, not just scripts CMS?Thank you |
Answer: |
no. the site you were hacked a long time ago. it is necessary to eliminate vulnerabilities. TK is also recommended to contact the company revisium https://revisium.com/ru/order/#fform they fix the website and supply security guarantee |
Question: |
That is, You guarantee that the attacker got access to your VPS and not changed (added) the system files.We thought we`d ask You to reconfigure the server from scratch and reinstall an SMS site.If reinstalling the server is not required, write. We then proceed to reinstall the system. |
Answer: |
the server is not hacked. the only problem is the website |
Question: |
Excellent, thank you. |
Answer: |
ok
|
Question: |
When installing SMS PrestaShop in the log error:PHP Warning: tempnam(): open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/home/zatoleg/web/izumka.com.ua/public_html:/home/zatoleg/tmp) in /home/zatoleg/web/izumka.com.ua/public_html/classes/PrestaShopAutoload.php 158Подскажите on line, please how to fix this error. |
Answer: |
you ostanovilsya website? |
Question: |
Is not installed. Redirects to /install/ and white screen.In the logs [Fri Jul 15 06:27:30 2016] [error] [client 95.132.139.103] PHP Warning: tempnam(): open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/home/zatoleg/web/izumka.com.ua/public_html:/home/zatoleg/tmp) in /home/zatoleg/web/izumka.com.ua/public_html/classes/PrestaShopAutoload.php on line 158[Fri Jul 15 06:27:30 2016] [error] [client 95.132.139.103] PHP Fatal error: Class `Tools` not found in /home/zatoleg/web/izumka.com.ua/public_html/classes/PrestaShopAutoload.php on line 168 |
Answer: |
you all the files uploaded? |
Question: |
Yes, Tools were also.Now we are going to install on the local computer and fill already installed. |
Answer: |
there you have no files watch, then you drwxr-x--x 10 zatoleg zatoleg 4096 Jul 15 06:32 . drwxr-x--x 10 zatoleg zatoleg 4096 Jul 15 04:25 .. -rw------- 1 zatoleg zatoleg 18 Jun 16 19:20 .ftpquota -rw-rw-r-- 1 zatoleg zatoleg 13454306 Jul 15 04:45 1.ZIP drwxr-xr-x 9 zatoleg zatoleg 4096 May 20 13:10 _adizumka drwxr-xr-x 17 zatoleg zatoleg 4096 May 23 04:53 _classe_ drwxr-xr-x 4 zatoleg zatoleg 4096 May 20 13:10 _controller_ -rw-r--r-- 1 zatoleg zatoleg 894 Mar 18 2015 _favicon.ico drwxr-xr-x 19 zatoleg zatoleg 4096 May 28 16:42 _img drwxr-xr-x 2 zatoleg zatoleg 4096 May 20 13:10 _localization drwxr-xr-x 130 zatoleg zatoleg 4096 Jul 15 02:16 _mod_ drwxr-xr-x 5 zatoleg zatoleg 4096 May 20 14:20 _override_ drwxr-xr-x 5 zatoleg zatoleg 4096 May 28 16:42 _translations -rw-r--r-- 1 zatoleg zatoleg 53 Jan 7 2015 google2e3d279e05f45b87.html -rw-rw-r-- 1 zatoleg zatoleg 21544717 Jul 15 06:01 prestashop_1.6.1.5.zip -rw-rw-r-- 1 zatoleg zatoleg 21529488 Jul 15 04:04 prestashop_1.6.1.6.zip -rw-r--r-- 1 zatoleg zatoleg 169 May 19 04:55 yandex_727a62c63253d36e.html
is not all |
Question: |
I`ve unpacked the archives with the distributions of site version 1.6.1.5 and 1.6.1.6 (on the server).Unable to unzip again.. |
Answer: |
but there is not any index file Ani the installation folder nothing where are the actual files of the site? |
Question: |
See. All unpacked |
Answer: |
Yes but all the files have root user ! You have not changed the owner Your bug is fixed . check |
Question: |
Thank you. To learn more and learn.. |
Answer: |
ok
|