Our Magento account was hacked; files deleted; hosting company is unable to restore
Magento 1.9.1
Porto theme
Managed VPS from Hostforweb
CentOS 7.x/WHM / Cpanel
We got hacked. Files were deleted and our site was and is down. I have a full cPanel backup which I made available to our hosting company (I gave them the last 2 I made) in order for them to restore the site to the way it was before the hack. It's been more than 20 hours now and it has not been restored yet. They tried to restore it but the site loads all broken (without images etc.) and they sent me this:
The uploaded backups do not contain the Magento installation.
However, I was able to gather some missing parts from the provided backups and forged a loading frontend:
https://www.ourdomain.com/index.php/
This website is still damaged and you have to proceed with a manual migration of the store to a fresh Magento installation. We do not provide such service, but you can hire a seasoned Magento web developer who will take care of the transition.
The store was hacked and the cPanel account infected due to security exploits found in this outdated Magento version.
We would like to continue running the same (1.9.1) version of Magento though because we tried the new 2.x version and it does not really run well on this server.
I do have another backup of the HTML files and the database I made some time back via Cpanel as well as all the files I just downloaded via FTP.
How to restore our site? What is the best course of action forward?
UPDATED on October 19th, 2018:
The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error:
404 error: Page not found. (showing on a generic Magento page with Magento logo and Magento colors)
NEW update on October 19th, 2018:
The hosting company keeps trying to install this.
We now have the following Error on the front page:
There has been an error processing your request
SQLSTATE[42S02]: Base table or view not found: 1146 Table 'product_product.mg_core_url_rewrite' doesn't exist, query was: SELECT COUNT(*) FROM `mg_core_url_rewrite` AS `rewrite` WHERE (request_path IN ('', '/')) AND (id_path LIKE 'category/%')
Trace:
#0 /home/product/public_html/lib/Varien/Db/Statement/Pdo/Mysql.php(110): Zend_Db_Statement_Pdo->_execute(Array)
#1 /home/product/public_html/app/code/core/Zend/Db/Statement.php(291): Varien_Db_Statement_Pdo_Mysql->_execute(Array)
#2 /home/product/public_html/lib/Zend/Db/Adapter/Abstract.php(480): Zend_Db_Statement->execute(Array)
#3 /home/product/public_html/lib/Zend/Db/Adapter/Pdo/Abstract.php(238): Zend_Db_Adapter_Abstract->query('SELECT COUNT(*)...', Array)
#4 /home/product/public_html/lib/Varien/Db/Adapter/Pdo/Mysql.php(428): Zend_Db_Adapter_Pdo_Abstract->query('SELECT COUNT(*)...', Array)
#5 /home/product/public_html/lib/Zend/Db/Adapter/Abstract.php(828): Varien_Db_Adapter_Pdo_Mysql->query(Object(Varien_Db_Select), Array)
#6 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(1355): Zend_Db_Adapter_Abstract->fetchOne(Object(Varien_Db_Select))
#7 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(361): Amasty_Fpc_Model_Fpc_Front->isCategoryPage()
#8 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(411): Amasty_Fpc_Model_Fpc_Front->getNormalizedUrl()
#9 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(778): Amasty_Fpc_Model_Fpc_Front->getCacheKey()
#10 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(1407): Amasty_Fpc_Model_Fpc_Front->fetch()
#11 /home/product/public_html/app/code/core/Mage/Core/Model/Cache.php(687): Amasty_Fpc_Model_Fpc_Front->extractContent(false)
#12 /home/product/public_html/app/code/core/Mage/Core/Model/App.php(340): Mage_Core_Model_Cache->processRequest()
#13 /home/product/public_html/app/Mage.php(684): Mage_Core_Model_App->run(Array)
#14 /home/product/public_html/index.php(87): Mage::run('', 'store')
#15 {main}
Error log record number: 1076426995669
magento-1.9 security
add a comment |
Magento 1.9.1
Porto theme
Managed VPS from Hostforweb
CentOS 7.x/WHM / Cpanel
We got hacked. Files were deleted and our site was and is down. I have a full cPanel backup which I made available to our hosting company (I gave them the last 2 I made) in order for them to restore the site to the way it was before the hack. It's been more than 20 hours now and it has not been restored yet. They tried to restore it but the site loads all broken (without images etc.) and they sent me this:
The uploaded backups do not contain the Magento installation.
However, I was able to gather some missing parts from the provided backups and forged a loading frontend:
https://www.ourdomain.com/index.php/
This website is still damaged and you have to proceed with a manual migration of the store to a fresh Magento installation. We do not provide such service, but you can hire a seasoned Magento web developer who will take care of the transition.
The store was hacked and the cPanel account infected due to security exploits found in this outdated Magento version.
We would like to continue running the same (1.9.1) version of Magento though because we tried the new 2.x version and it does not really run well on this server.
I do have another backup of the HTML files and the database I made some time back via Cpanel as well as all the files I just downloaded via FTP.
How to restore our site? What is the best course of action forward?
UPDATED on October 19th, 2018:
The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error:
404 error: Page not found. (showing on a generic Magento page with Magento logo and Magento colors)
NEW update on October 19th, 2018:
The hosting company keeps trying to install this.
We now have the following Error on the front page:
There has been an error processing your request
SQLSTATE[42S02]: Base table or view not found: 1146 Table 'product_product.mg_core_url_rewrite' doesn't exist, query was: SELECT COUNT(*) FROM `mg_core_url_rewrite` AS `rewrite` WHERE (request_path IN ('', '/')) AND (id_path LIKE 'category/%')
Trace:
#0 /home/product/public_html/lib/Varien/Db/Statement/Pdo/Mysql.php(110): Zend_Db_Statement_Pdo->_execute(Array)
#1 /home/product/public_html/app/code/core/Zend/Db/Statement.php(291): Varien_Db_Statement_Pdo_Mysql->_execute(Array)
#2 /home/product/public_html/lib/Zend/Db/Adapter/Abstract.php(480): Zend_Db_Statement->execute(Array)
#3 /home/product/public_html/lib/Zend/Db/Adapter/Pdo/Abstract.php(238): Zend_Db_Adapter_Abstract->query('SELECT COUNT(*)...', Array)
#4 /home/product/public_html/lib/Varien/Db/Adapter/Pdo/Mysql.php(428): Zend_Db_Adapter_Pdo_Abstract->query('SELECT COUNT(*)...', Array)
#5 /home/product/public_html/lib/Zend/Db/Adapter/Abstract.php(828): Varien_Db_Adapter_Pdo_Mysql->query(Object(Varien_Db_Select), Array)
#6 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(1355): Zend_Db_Adapter_Abstract->fetchOne(Object(Varien_Db_Select))
#7 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(361): Amasty_Fpc_Model_Fpc_Front->isCategoryPage()
#8 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(411): Amasty_Fpc_Model_Fpc_Front->getNormalizedUrl()
#9 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(778): Amasty_Fpc_Model_Fpc_Front->getCacheKey()
#10 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(1407): Amasty_Fpc_Model_Fpc_Front->fetch()
#11 /home/product/public_html/app/code/core/Mage/Core/Model/Cache.php(687): Amasty_Fpc_Model_Fpc_Front->extractContent(false)
#12 /home/product/public_html/app/code/core/Mage/Core/Model/App.php(340): Mage_Core_Model_Cache->processRequest()
#13 /home/product/public_html/app/Mage.php(684): Mage_Core_Model_App->run(Array)
#14 /home/product/public_html/index.php(87): Mage::run('', 'store')
#15 {main}
Error log record number: 1076426995669
magento-1.9 security
add a comment |
Magento 1.9.1
Porto theme
Managed VPS from Hostforweb
CentOS 7.x/WHM / Cpanel
We got hacked. Files were deleted and our site was and is down. I have a full cPanel backup which I made available to our hosting company (I gave them the last 2 I made) in order for them to restore the site to the way it was before the hack. It's been more than 20 hours now and it has not been restored yet. They tried to restore it but the site loads all broken (without images etc.) and they sent me this:
The uploaded backups do not contain the Magento installation.
However, I was able to gather some missing parts from the provided backups and forged a loading frontend:
https://www.ourdomain.com/index.php/
This website is still damaged and you have to proceed with a manual migration of the store to a fresh Magento installation. We do not provide such service, but you can hire a seasoned Magento web developer who will take care of the transition.
The store was hacked and the cPanel account infected due to security exploits found in this outdated Magento version.
We would like to continue running the same (1.9.1) version of Magento though because we tried the new 2.x version and it does not really run well on this server.
I do have another backup of the HTML files and the database I made some time back via Cpanel as well as all the files I just downloaded via FTP.
How to restore our site? What is the best course of action forward?
UPDATED on October 19th, 2018:
The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error:
404 error: Page not found. (showing on a generic Magento page with Magento logo and Magento colors)
NEW update on October 19th, 2018:
The hosting company keeps trying to install this.
We now have the following Error on the front page:
There has been an error processing your request
SQLSTATE[42S02]: Base table or view not found: 1146 Table 'product_product.mg_core_url_rewrite' doesn't exist, query was: SELECT COUNT(*) FROM `mg_core_url_rewrite` AS `rewrite` WHERE (request_path IN ('', '/')) AND (id_path LIKE 'category/%')
Trace:
#0 /home/product/public_html/lib/Varien/Db/Statement/Pdo/Mysql.php(110): Zend_Db_Statement_Pdo->_execute(Array)
#1 /home/product/public_html/app/code/core/Zend/Db/Statement.php(291): Varien_Db_Statement_Pdo_Mysql->_execute(Array)
#2 /home/product/public_html/lib/Zend/Db/Adapter/Abstract.php(480): Zend_Db_Statement->execute(Array)
#3 /home/product/public_html/lib/Zend/Db/Adapter/Pdo/Abstract.php(238): Zend_Db_Adapter_Abstract->query('SELECT COUNT(*)...', Array)
#4 /home/product/public_html/lib/Varien/Db/Adapter/Pdo/Mysql.php(428): Zend_Db_Adapter_Pdo_Abstract->query('SELECT COUNT(*)...', Array)
#5 /home/product/public_html/lib/Zend/Db/Adapter/Abstract.php(828): Varien_Db_Adapter_Pdo_Mysql->query(Object(Varien_Db_Select), Array)
#6 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(1355): Zend_Db_Adapter_Abstract->fetchOne(Object(Varien_Db_Select))
#7 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(361): Amasty_Fpc_Model_Fpc_Front->isCategoryPage()
#8 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(411): Amasty_Fpc_Model_Fpc_Front->getNormalizedUrl()
#9 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(778): Amasty_Fpc_Model_Fpc_Front->getCacheKey()
#10 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(1407): Amasty_Fpc_Model_Fpc_Front->fetch()
#11 /home/product/public_html/app/code/core/Mage/Core/Model/Cache.php(687): Amasty_Fpc_Model_Fpc_Front->extractContent(false)
#12 /home/product/public_html/app/code/core/Mage/Core/Model/App.php(340): Mage_Core_Model_Cache->processRequest()
#13 /home/product/public_html/app/Mage.php(684): Mage_Core_Model_App->run(Array)
#14 /home/product/public_html/index.php(87): Mage::run('', 'store')
#15 {main}
Error log record number: 1076426995669
magento-1.9 security
Magento 1.9.1
Porto theme
Managed VPS from Hostforweb
CentOS 7.x/WHM / Cpanel
We got hacked. Files were deleted and our site was and is down. I have a full cPanel backup which I made available to our hosting company (I gave them the last 2 I made) in order for them to restore the site to the way it was before the hack. It's been more than 20 hours now and it has not been restored yet. They tried to restore it but the site loads all broken (without images etc.) and they sent me this:
The uploaded backups do not contain the Magento installation.
However, I was able to gather some missing parts from the provided backups and forged a loading frontend:
https://www.ourdomain.com/index.php/
This website is still damaged and you have to proceed with a manual migration of the store to a fresh Magento installation. We do not provide such service, but you can hire a seasoned Magento web developer who will take care of the transition.
The store was hacked and the cPanel account infected due to security exploits found in this outdated Magento version.
We would like to continue running the same (1.9.1) version of Magento though because we tried the new 2.x version and it does not really run well on this server.
I do have another backup of the HTML files and the database I made some time back via Cpanel as well as all the files I just downloaded via FTP.
How to restore our site? What is the best course of action forward?
UPDATED on October 19th, 2018:
The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error:
404 error: Page not found. (showing on a generic Magento page with Magento logo and Magento colors)
NEW update on October 19th, 2018:
The hosting company keeps trying to install this.
We now have the following Error on the front page:
There has been an error processing your request
SQLSTATE[42S02]: Base table or view not found: 1146 Table 'product_product.mg_core_url_rewrite' doesn't exist, query was: SELECT COUNT(*) FROM `mg_core_url_rewrite` AS `rewrite` WHERE (request_path IN ('', '/')) AND (id_path LIKE 'category/%')
Trace:
#0 /home/product/public_html/lib/Varien/Db/Statement/Pdo/Mysql.php(110): Zend_Db_Statement_Pdo->_execute(Array)
#1 /home/product/public_html/app/code/core/Zend/Db/Statement.php(291): Varien_Db_Statement_Pdo_Mysql->_execute(Array)
#2 /home/product/public_html/lib/Zend/Db/Adapter/Abstract.php(480): Zend_Db_Statement->execute(Array)
#3 /home/product/public_html/lib/Zend/Db/Adapter/Pdo/Abstract.php(238): Zend_Db_Adapter_Abstract->query('SELECT COUNT(*)...', Array)
#4 /home/product/public_html/lib/Varien/Db/Adapter/Pdo/Mysql.php(428): Zend_Db_Adapter_Pdo_Abstract->query('SELECT COUNT(*)...', Array)
#5 /home/product/public_html/lib/Zend/Db/Adapter/Abstract.php(828): Varien_Db_Adapter_Pdo_Mysql->query(Object(Varien_Db_Select), Array)
#6 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(1355): Zend_Db_Adapter_Abstract->fetchOne(Object(Varien_Db_Select))
#7 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(361): Amasty_Fpc_Model_Fpc_Front->isCategoryPage()
#8 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(411): Amasty_Fpc_Model_Fpc_Front->getNormalizedUrl()
#9 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(778): Amasty_Fpc_Model_Fpc_Front->getCacheKey()
#10 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(1407): Amasty_Fpc_Model_Fpc_Front->fetch()
#11 /home/product/public_html/app/code/core/Mage/Core/Model/Cache.php(687): Amasty_Fpc_Model_Fpc_Front->extractContent(false)
#12 /home/product/public_html/app/code/core/Mage/Core/Model/App.php(340): Mage_Core_Model_Cache->processRequest()
#13 /home/product/public_html/app/Mage.php(684): Mage_Core_Model_App->run(Array)
#14 /home/product/public_html/index.php(87): Mage::run('', 'store')
#15 {main}
Error log record number: 1076426995669
magento-1.9 security
magento-1.9 security
edited Oct 25 '18 at 7:00
Shashank Kumrawat
1,3641341
1,3641341
asked Oct 19 '18 at 9:25
AllysinAllysin
103838
103838
add a comment |
add a comment |
3 Answers
3
active
oldest
votes
sorry to hear that. It's always a hassle.
First of all, any files you downloaded after the hack cannot be trusted.
They might be infected.
If you have a backup I'd suggest to work from that. A Magento developer should be able to tell you what is in there and what might be missing.
This can be supplemented either from a vanilla Magento installation or will need the re-importing of products and images.
For your database as well, I'm afraid you will lose some orders. Best to restore to the latest version from before the hack.
Regarding the hosting; I'm not sure what the knowledge of Magento is within the hosting company but I expect it's low. Although it will be more expensive I can recommend looking at a hosting company that has a little bit more knowledge of Magento as they would be able to help you faster in the future.
Very import: even when you restore your shop; the leak is still there. This has to be fixed.
What is a full cPanel backup good for then? I thought it has all the HTML files and the database and you can just unzip it and restore it back the way it was when the backup was made?
– Allysin
Oct 19 '18 at 9:51
@Allysin as far as I know that should be exactly that. However, I do not know how the hosting company set this up
– Sander Mangel♦
Oct 19 '18 at 10:12
I did the install through Softaculous back in the day...it's just bunch of HTML files connecting to a database, isn't it? Can you please see my update in the original ticket?
– Allysin
Oct 19 '18 at 10:35
add a comment |
What error shows up when you initially found out the attack? I think the error will reveal if it was just a few core files or templates than can be restored from a public copy?
It was just showing a directory structure on the screen. Folders not relevant to Magento. No Error message.
– Allysin
Oct 19 '18 at 9:50
Any screenshot?
– Richard Feraro
Oct 19 '18 at 9:51
@ Richard Feraro I think I copied the folder names and saved it on the local machine but I'm not on there now...I remember there was the Magento Connect folder that I renamed to something really strange long time before because I didn't want people attacking that. The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error: 404 error: Page not found. (with a generic Magento page)
– Allysin
Oct 19 '18 at 9:56
Try checking if there is a file .htaccess in the Magento root directory. It is a hidden file and it handles the URL redirects.
– Richard Feraro
Oct 20 '18 at 0:57
add a comment |
Sorry to hear that. You should get your website investigated and ensure it is protected for future - Do check Infigic's Magento security services - https://www.infigic.com/magento-security-services/
New contributor
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "479"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e) {
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom)) {
StackExchange.using('gps', function() { StackExchange.gps.track('embedded_signup_form.view', { location: 'question_page' }); });
$window.unbind('scroll', onScroll);
}
};
$window.on('scroll', onScroll);
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f247101%2four-magento-account-was-hacked-files-deleted-hosting-company-is-unable-to-rest%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
sorry to hear that. It's always a hassle.
First of all, any files you downloaded after the hack cannot be trusted.
They might be infected.
If you have a backup I'd suggest to work from that. A Magento developer should be able to tell you what is in there and what might be missing.
This can be supplemented either from a vanilla Magento installation or will need the re-importing of products and images.
For your database as well, I'm afraid you will lose some orders. Best to restore to the latest version from before the hack.
Regarding the hosting; I'm not sure what the knowledge of Magento is within the hosting company but I expect it's low. Although it will be more expensive I can recommend looking at a hosting company that has a little bit more knowledge of Magento as they would be able to help you faster in the future.
Very import: even when you restore your shop; the leak is still there. This has to be fixed.
What is a full cPanel backup good for then? I thought it has all the HTML files and the database and you can just unzip it and restore it back the way it was when the backup was made?
– Allysin
Oct 19 '18 at 9:51
@Allysin as far as I know that should be exactly that. However, I do not know how the hosting company set this up
– Sander Mangel♦
Oct 19 '18 at 10:12
I did the install through Softaculous back in the day...it's just bunch of HTML files connecting to a database, isn't it? Can you please see my update in the original ticket?
– Allysin
Oct 19 '18 at 10:35
add a comment |
sorry to hear that. It's always a hassle.
First of all, any files you downloaded after the hack cannot be trusted.
They might be infected.
If you have a backup I'd suggest to work from that. A Magento developer should be able to tell you what is in there and what might be missing.
This can be supplemented either from a vanilla Magento installation or will need the re-importing of products and images.
For your database as well, I'm afraid you will lose some orders. Best to restore to the latest version from before the hack.
Regarding the hosting; I'm not sure what the knowledge of Magento is within the hosting company but I expect it's low. Although it will be more expensive I can recommend looking at a hosting company that has a little bit more knowledge of Magento as they would be able to help you faster in the future.
Very import: even when you restore your shop; the leak is still there. This has to be fixed.
What is a full cPanel backup good for then? I thought it has all the HTML files and the database and you can just unzip it and restore it back the way it was when the backup was made?
– Allysin
Oct 19 '18 at 9:51
@Allysin as far as I know that should be exactly that. However, I do not know how the hosting company set this up
– Sander Mangel♦
Oct 19 '18 at 10:12
I did the install through Softaculous back in the day...it's just bunch of HTML files connecting to a database, isn't it? Can you please see my update in the original ticket?
– Allysin
Oct 19 '18 at 10:35
add a comment |
sorry to hear that. It's always a hassle.
First of all, any files you downloaded after the hack cannot be trusted.
They might be infected.
If you have a backup I'd suggest to work from that. A Magento developer should be able to tell you what is in there and what might be missing.
This can be supplemented either from a vanilla Magento installation or will need the re-importing of products and images.
For your database as well, I'm afraid you will lose some orders. Best to restore to the latest version from before the hack.
Regarding the hosting; I'm not sure what the knowledge of Magento is within the hosting company but I expect it's low. Although it will be more expensive I can recommend looking at a hosting company that has a little bit more knowledge of Magento as they would be able to help you faster in the future.
Very import: even when you restore your shop; the leak is still there. This has to be fixed.
sorry to hear that. It's always a hassle.
First of all, any files you downloaded after the hack cannot be trusted.
They might be infected.
If you have a backup I'd suggest to work from that. A Magento developer should be able to tell you what is in there and what might be missing.
This can be supplemented either from a vanilla Magento installation or will need the re-importing of products and images.
For your database as well, I'm afraid you will lose some orders. Best to restore to the latest version from before the hack.
Regarding the hosting; I'm not sure what the knowledge of Magento is within the hosting company but I expect it's low. Although it will be more expensive I can recommend looking at a hosting company that has a little bit more knowledge of Magento as they would be able to help you faster in the future.
Very import: even when you restore your shop; the leak is still there. This has to be fixed.
answered Oct 19 '18 at 9:36
Sander Mangel♦Sander Mangel
34.7k469136
34.7k469136
What is a full cPanel backup good for then? I thought it has all the HTML files and the database and you can just unzip it and restore it back the way it was when the backup was made?
– Allysin
Oct 19 '18 at 9:51
@Allysin as far as I know that should be exactly that. However, I do not know how the hosting company set this up
– Sander Mangel♦
Oct 19 '18 at 10:12
I did the install through Softaculous back in the day...it's just bunch of HTML files connecting to a database, isn't it? Can you please see my update in the original ticket?
– Allysin
Oct 19 '18 at 10:35
add a comment |
What is a full cPanel backup good for then? I thought it has all the HTML files and the database and you can just unzip it and restore it back the way it was when the backup was made?
– Allysin
Oct 19 '18 at 9:51
@Allysin as far as I know that should be exactly that. However, I do not know how the hosting company set this up
– Sander Mangel♦
Oct 19 '18 at 10:12
I did the install through Softaculous back in the day...it's just bunch of HTML files connecting to a database, isn't it? Can you please see my update in the original ticket?
– Allysin
Oct 19 '18 at 10:35
What is a full cPanel backup good for then? I thought it has all the HTML files and the database and you can just unzip it and restore it back the way it was when the backup was made?
– Allysin
Oct 19 '18 at 9:51
What is a full cPanel backup good for then? I thought it has all the HTML files and the database and you can just unzip it and restore it back the way it was when the backup was made?
– Allysin
Oct 19 '18 at 9:51
@Allysin as far as I know that should be exactly that. However, I do not know how the hosting company set this up
– Sander Mangel♦
Oct 19 '18 at 10:12
@Allysin as far as I know that should be exactly that. However, I do not know how the hosting company set this up
– Sander Mangel♦
Oct 19 '18 at 10:12
I did the install through Softaculous back in the day...it's just bunch of HTML files connecting to a database, isn't it? Can you please see my update in the original ticket?
– Allysin
Oct 19 '18 at 10:35
I did the install through Softaculous back in the day...it's just bunch of HTML files connecting to a database, isn't it? Can you please see my update in the original ticket?
– Allysin
Oct 19 '18 at 10:35
add a comment |
What error shows up when you initially found out the attack? I think the error will reveal if it was just a few core files or templates than can be restored from a public copy?
It was just showing a directory structure on the screen. Folders not relevant to Magento. No Error message.
– Allysin
Oct 19 '18 at 9:50
Any screenshot?
– Richard Feraro
Oct 19 '18 at 9:51
@ Richard Feraro I think I copied the folder names and saved it on the local machine but I'm not on there now...I remember there was the Magento Connect folder that I renamed to something really strange long time before because I didn't want people attacking that. The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error: 404 error: Page not found. (with a generic Magento page)
– Allysin
Oct 19 '18 at 9:56
Try checking if there is a file .htaccess in the Magento root directory. It is a hidden file and it handles the URL redirects.
– Richard Feraro
Oct 20 '18 at 0:57
add a comment |
What error shows up when you initially found out the attack? I think the error will reveal if it was just a few core files or templates than can be restored from a public copy?
It was just showing a directory structure on the screen. Folders not relevant to Magento. No Error message.
– Allysin
Oct 19 '18 at 9:50
Any screenshot?
– Richard Feraro
Oct 19 '18 at 9:51
@ Richard Feraro I think I copied the folder names and saved it on the local machine but I'm not on there now...I remember there was the Magento Connect folder that I renamed to something really strange long time before because I didn't want people attacking that. The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error: 404 error: Page not found. (with a generic Magento page)
– Allysin
Oct 19 '18 at 9:56
Try checking if there is a file .htaccess in the Magento root directory. It is a hidden file and it handles the URL redirects.
– Richard Feraro
Oct 20 '18 at 0:57
add a comment |
What error shows up when you initially found out the attack? I think the error will reveal if it was just a few core files or templates than can be restored from a public copy?
What error shows up when you initially found out the attack? I think the error will reveal if it was just a few core files or templates than can be restored from a public copy?
answered Oct 19 '18 at 9:48
Richard FeraroRichard Feraro
23915
23915
It was just showing a directory structure on the screen. Folders not relevant to Magento. No Error message.
– Allysin
Oct 19 '18 at 9:50
Any screenshot?
– Richard Feraro
Oct 19 '18 at 9:51
@ Richard Feraro I think I copied the folder names and saved it on the local machine but I'm not on there now...I remember there was the Magento Connect folder that I renamed to something really strange long time before because I didn't want people attacking that. The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error: 404 error: Page not found. (with a generic Magento page)
– Allysin
Oct 19 '18 at 9:56
Try checking if there is a file .htaccess in the Magento root directory. It is a hidden file and it handles the URL redirects.
– Richard Feraro
Oct 20 '18 at 0:57
add a comment |
It was just showing a directory structure on the screen. Folders not relevant to Magento. No Error message.
– Allysin
Oct 19 '18 at 9:50
Any screenshot?
– Richard Feraro
Oct 19 '18 at 9:51
@ Richard Feraro I think I copied the folder names and saved it on the local machine but I'm not on there now...I remember there was the Magento Connect folder that I renamed to something really strange long time before because I didn't want people attacking that. The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error: 404 error: Page not found. (with a generic Magento page)
– Allysin
Oct 19 '18 at 9:56
Try checking if there is a file .htaccess in the Magento root directory. It is a hidden file and it handles the URL redirects.
– Richard Feraro
Oct 20 '18 at 0:57
It was just showing a directory structure on the screen. Folders not relevant to Magento. No Error message.
– Allysin
Oct 19 '18 at 9:50
It was just showing a directory structure on the screen. Folders not relevant to Magento. No Error message.
– Allysin
Oct 19 '18 at 9:50
Any screenshot?
– Richard Feraro
Oct 19 '18 at 9:51
Any screenshot?
– Richard Feraro
Oct 19 '18 at 9:51
@ Richard Feraro I think I copied the folder names and saved it on the local machine but I'm not on there now...I remember there was the Magento Connect folder that I renamed to something really strange long time before because I didn't want people attacking that. The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error: 404 error: Page not found. (with a generic Magento page)
– Allysin
Oct 19 '18 at 9:56
@ Richard Feraro I think I copied the folder names and saved it on the local machine but I'm not on there now...I remember there was the Magento Connect folder that I renamed to something really strange long time before because I didn't want people attacking that. The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error: 404 error: Page not found. (with a generic Magento page)
– Allysin
Oct 19 '18 at 9:56
Try checking if there is a file .htaccess in the Magento root directory. It is a hidden file and it handles the URL redirects.
– Richard Feraro
Oct 20 '18 at 0:57
Try checking if there is a file .htaccess in the Magento root directory. It is a hidden file and it handles the URL redirects.
– Richard Feraro
Oct 20 '18 at 0:57
add a comment |
Sorry to hear that. You should get your website investigated and ensure it is protected for future - Do check Infigic's Magento security services - https://www.infigic.com/magento-security-services/
New contributor
add a comment |
Sorry to hear that. You should get your website investigated and ensure it is protected for future - Do check Infigic's Magento security services - https://www.infigic.com/magento-security-services/
New contributor
add a comment |
Sorry to hear that. You should get your website investigated and ensure it is protected for future - Do check Infigic's Magento security services - https://www.infigic.com/magento-security-services/
New contributor
Sorry to hear that. You should get your website investigated and ensure it is protected for future - Do check Infigic's Magento security services - https://www.infigic.com/magento-security-services/
New contributor
New contributor
answered 9 mins ago
Sharon InfigicSharon Infigic
11
11
New contributor
New contributor
add a comment |
add a comment |
Thanks for contributing an answer to Magento Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e) {
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom)) {
StackExchange.using('gps', function() { StackExchange.gps.track('embedded_signup_form.view', { location: 'question_page' }); });
$window.unbind('scroll', onScroll);
}
};
$window.on('scroll', onScroll);
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f247101%2four-magento-account-was-hacked-files-deleted-hosting-company-is-unable-to-rest%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e) {
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom)) {
StackExchange.using('gps', function() { StackExchange.gps.track('embedded_signup_form.view', { location: 'question_page' }); });
$window.unbind('scroll', onScroll);
}
};
$window.on('scroll', onScroll);
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e) {
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom)) {
StackExchange.using('gps', function() { StackExchange.gps.track('embedded_signup_form.view', { location: 'question_page' }); });
$window.unbind('scroll', onScroll);
}
};
$window.on('scroll', onScroll);
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e) {
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom)) {
StackExchange.using('gps', function() { StackExchange.gps.track('embedded_signup_form.view', { location: 'question_page' }); });
$window.unbind('scroll', onScroll);
}
};
$window.on('scroll', onScroll);
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown