Our Magento account was hacked; files deleted; hosting company is unable to restore












1















Magento 1.9.1
Porto theme
Managed VPS from Hostforweb
CentOS 7.x/WHM / Cpanel


We got hacked. Files were deleted and our site was and is down. I have a full cPanel backup which I made available to our hosting company (I gave them the last 2 I made) in order for them to restore the site to the way it was before the hack. It's been more than 20 hours now and it has not been restored yet. They tried to restore it but the site loads all broken (without images etc.) and they sent me this:





The uploaded backups do not contain the Magento installation.
However, I was able to gather some missing parts from the provided backups and forged a loading frontend:
https://www.ourdomain.com/index.php/
This website is still damaged and you have to proceed with a manual migration of the store to a fresh Magento installation. We do not provide such service, but you can hire a seasoned Magento web developer who will take care of the transition.
The store was hacked and the cPanel account infected due to security exploits found in this outdated Magento version.





We would like to continue running the same (1.9.1) version of Magento though because we tried the new 2.x version and it does not really run well on this server.



I do have another backup of the HTML files and the database I made some time back via Cpanel as well as all the files I just downloaded via FTP.



How to restore our site? What is the best course of action forward?





UPDATED on October 19th, 2018:



The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error:
404 error: Page not found. (showing on a generic Magento page with Magento logo and Magento colors)



enter image description here





NEW update on October 19th, 2018:



The hosting company keeps trying to install this.



We now have the following Error on the front page:



There has been an error processing your request
SQLSTATE[42S02]: Base table or view not found: 1146 Table 'product_product.mg_core_url_rewrite' doesn't exist, query was: SELECT COUNT(*) FROM `mg_core_url_rewrite` AS `rewrite` WHERE (request_path IN ('', '/')) AND (id_path LIKE 'category/%')

Trace:
#0 /home/product/public_html/lib/Varien/Db/Statement/Pdo/Mysql.php(110): Zend_Db_Statement_Pdo->_execute(Array)
#1 /home/product/public_html/app/code/core/Zend/Db/Statement.php(291): Varien_Db_Statement_Pdo_Mysql->_execute(Array)
#2 /home/product/public_html/lib/Zend/Db/Adapter/Abstract.php(480): Zend_Db_Statement->execute(Array)
#3 /home/product/public_html/lib/Zend/Db/Adapter/Pdo/Abstract.php(238): Zend_Db_Adapter_Abstract->query('SELECT COUNT(*)...', Array)
#4 /home/product/public_html/lib/Varien/Db/Adapter/Pdo/Mysql.php(428): Zend_Db_Adapter_Pdo_Abstract->query('SELECT COUNT(*)...', Array)
#5 /home/product/public_html/lib/Zend/Db/Adapter/Abstract.php(828): Varien_Db_Adapter_Pdo_Mysql->query(Object(Varien_Db_Select), Array)
#6 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(1355): Zend_Db_Adapter_Abstract->fetchOne(Object(Varien_Db_Select))
#7 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(361): Amasty_Fpc_Model_Fpc_Front->isCategoryPage()
#8 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(411): Amasty_Fpc_Model_Fpc_Front->getNormalizedUrl()
#9 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(778): Amasty_Fpc_Model_Fpc_Front->getCacheKey()
#10 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(1407): Amasty_Fpc_Model_Fpc_Front->fetch()
#11 /home/product/public_html/app/code/core/Mage/Core/Model/Cache.php(687): Amasty_Fpc_Model_Fpc_Front->extractContent(false)
#12 /home/product/public_html/app/code/core/Mage/Core/Model/App.php(340): Mage_Core_Model_Cache->processRequest()
#13 /home/product/public_html/app/Mage.php(684): Mage_Core_Model_App->run(Array)
#14 /home/product/public_html/index.php(87): Mage::run('', 'store')
#15 {main}

Error log record number: 1076426995669









share|improve this question





























    1















    Magento 1.9.1
    Porto theme
    Managed VPS from Hostforweb
    CentOS 7.x/WHM / Cpanel


    We got hacked. Files were deleted and our site was and is down. I have a full cPanel backup which I made available to our hosting company (I gave them the last 2 I made) in order for them to restore the site to the way it was before the hack. It's been more than 20 hours now and it has not been restored yet. They tried to restore it but the site loads all broken (without images etc.) and they sent me this:





    The uploaded backups do not contain the Magento installation.
    However, I was able to gather some missing parts from the provided backups and forged a loading frontend:
    https://www.ourdomain.com/index.php/
    This website is still damaged and you have to proceed with a manual migration of the store to a fresh Magento installation. We do not provide such service, but you can hire a seasoned Magento web developer who will take care of the transition.
    The store was hacked and the cPanel account infected due to security exploits found in this outdated Magento version.





    We would like to continue running the same (1.9.1) version of Magento though because we tried the new 2.x version and it does not really run well on this server.



    I do have another backup of the HTML files and the database I made some time back via Cpanel as well as all the files I just downloaded via FTP.



    How to restore our site? What is the best course of action forward?





    UPDATED on October 19th, 2018:



    The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error:
    404 error: Page not found. (showing on a generic Magento page with Magento logo and Magento colors)



    enter image description here





    NEW update on October 19th, 2018:



    The hosting company keeps trying to install this.



    We now have the following Error on the front page:



    There has been an error processing your request
    SQLSTATE[42S02]: Base table or view not found: 1146 Table 'product_product.mg_core_url_rewrite' doesn't exist, query was: SELECT COUNT(*) FROM `mg_core_url_rewrite` AS `rewrite` WHERE (request_path IN ('', '/')) AND (id_path LIKE 'category/%')

    Trace:
    #0 /home/product/public_html/lib/Varien/Db/Statement/Pdo/Mysql.php(110): Zend_Db_Statement_Pdo->_execute(Array)
    #1 /home/product/public_html/app/code/core/Zend/Db/Statement.php(291): Varien_Db_Statement_Pdo_Mysql->_execute(Array)
    #2 /home/product/public_html/lib/Zend/Db/Adapter/Abstract.php(480): Zend_Db_Statement->execute(Array)
    #3 /home/product/public_html/lib/Zend/Db/Adapter/Pdo/Abstract.php(238): Zend_Db_Adapter_Abstract->query('SELECT COUNT(*)...', Array)
    #4 /home/product/public_html/lib/Varien/Db/Adapter/Pdo/Mysql.php(428): Zend_Db_Adapter_Pdo_Abstract->query('SELECT COUNT(*)...', Array)
    #5 /home/product/public_html/lib/Zend/Db/Adapter/Abstract.php(828): Varien_Db_Adapter_Pdo_Mysql->query(Object(Varien_Db_Select), Array)
    #6 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(1355): Zend_Db_Adapter_Abstract->fetchOne(Object(Varien_Db_Select))
    #7 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(361): Amasty_Fpc_Model_Fpc_Front->isCategoryPage()
    #8 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(411): Amasty_Fpc_Model_Fpc_Front->getNormalizedUrl()
    #9 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(778): Amasty_Fpc_Model_Fpc_Front->getCacheKey()
    #10 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(1407): Amasty_Fpc_Model_Fpc_Front->fetch()
    #11 /home/product/public_html/app/code/core/Mage/Core/Model/Cache.php(687): Amasty_Fpc_Model_Fpc_Front->extractContent(false)
    #12 /home/product/public_html/app/code/core/Mage/Core/Model/App.php(340): Mage_Core_Model_Cache->processRequest()
    #13 /home/product/public_html/app/Mage.php(684): Mage_Core_Model_App->run(Array)
    #14 /home/product/public_html/index.php(87): Mage::run('', 'store')
    #15 {main}

    Error log record number: 1076426995669









    share|improve this question



























      1












      1








      1








      Magento 1.9.1
      Porto theme
      Managed VPS from Hostforweb
      CentOS 7.x/WHM / Cpanel


      We got hacked. Files were deleted and our site was and is down. I have a full cPanel backup which I made available to our hosting company (I gave them the last 2 I made) in order for them to restore the site to the way it was before the hack. It's been more than 20 hours now and it has not been restored yet. They tried to restore it but the site loads all broken (without images etc.) and they sent me this:





      The uploaded backups do not contain the Magento installation.
      However, I was able to gather some missing parts from the provided backups and forged a loading frontend:
      https://www.ourdomain.com/index.php/
      This website is still damaged and you have to proceed with a manual migration of the store to a fresh Magento installation. We do not provide such service, but you can hire a seasoned Magento web developer who will take care of the transition.
      The store was hacked and the cPanel account infected due to security exploits found in this outdated Magento version.





      We would like to continue running the same (1.9.1) version of Magento though because we tried the new 2.x version and it does not really run well on this server.



      I do have another backup of the HTML files and the database I made some time back via Cpanel as well as all the files I just downloaded via FTP.



      How to restore our site? What is the best course of action forward?





      UPDATED on October 19th, 2018:



      The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error:
      404 error: Page not found. (showing on a generic Magento page with Magento logo and Magento colors)



      enter image description here





      NEW update on October 19th, 2018:



      The hosting company keeps trying to install this.



      We now have the following Error on the front page:



      There has been an error processing your request
      SQLSTATE[42S02]: Base table or view not found: 1146 Table 'product_product.mg_core_url_rewrite' doesn't exist, query was: SELECT COUNT(*) FROM `mg_core_url_rewrite` AS `rewrite` WHERE (request_path IN ('', '/')) AND (id_path LIKE 'category/%')

      Trace:
      #0 /home/product/public_html/lib/Varien/Db/Statement/Pdo/Mysql.php(110): Zend_Db_Statement_Pdo->_execute(Array)
      #1 /home/product/public_html/app/code/core/Zend/Db/Statement.php(291): Varien_Db_Statement_Pdo_Mysql->_execute(Array)
      #2 /home/product/public_html/lib/Zend/Db/Adapter/Abstract.php(480): Zend_Db_Statement->execute(Array)
      #3 /home/product/public_html/lib/Zend/Db/Adapter/Pdo/Abstract.php(238): Zend_Db_Adapter_Abstract->query('SELECT COUNT(*)...', Array)
      #4 /home/product/public_html/lib/Varien/Db/Adapter/Pdo/Mysql.php(428): Zend_Db_Adapter_Pdo_Abstract->query('SELECT COUNT(*)...', Array)
      #5 /home/product/public_html/lib/Zend/Db/Adapter/Abstract.php(828): Varien_Db_Adapter_Pdo_Mysql->query(Object(Varien_Db_Select), Array)
      #6 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(1355): Zend_Db_Adapter_Abstract->fetchOne(Object(Varien_Db_Select))
      #7 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(361): Amasty_Fpc_Model_Fpc_Front->isCategoryPage()
      #8 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(411): Amasty_Fpc_Model_Fpc_Front->getNormalizedUrl()
      #9 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(778): Amasty_Fpc_Model_Fpc_Front->getCacheKey()
      #10 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(1407): Amasty_Fpc_Model_Fpc_Front->fetch()
      #11 /home/product/public_html/app/code/core/Mage/Core/Model/Cache.php(687): Amasty_Fpc_Model_Fpc_Front->extractContent(false)
      #12 /home/product/public_html/app/code/core/Mage/Core/Model/App.php(340): Mage_Core_Model_Cache->processRequest()
      #13 /home/product/public_html/app/Mage.php(684): Mage_Core_Model_App->run(Array)
      #14 /home/product/public_html/index.php(87): Mage::run('', 'store')
      #15 {main}

      Error log record number: 1076426995669









      share|improve this question
















      Magento 1.9.1
      Porto theme
      Managed VPS from Hostforweb
      CentOS 7.x/WHM / Cpanel


      We got hacked. Files were deleted and our site was and is down. I have a full cPanel backup which I made available to our hosting company (I gave them the last 2 I made) in order for them to restore the site to the way it was before the hack. It's been more than 20 hours now and it has not been restored yet. They tried to restore it but the site loads all broken (without images etc.) and they sent me this:





      The uploaded backups do not contain the Magento installation.
      However, I was able to gather some missing parts from the provided backups and forged a loading frontend:
      https://www.ourdomain.com/index.php/
      This website is still damaged and you have to proceed with a manual migration of the store to a fresh Magento installation. We do not provide such service, but you can hire a seasoned Magento web developer who will take care of the transition.
      The store was hacked and the cPanel account infected due to security exploits found in this outdated Magento version.





      We would like to continue running the same (1.9.1) version of Magento though because we tried the new 2.x version and it does not really run well on this server.



      I do have another backup of the HTML files and the database I made some time back via Cpanel as well as all the files I just downloaded via FTP.



      How to restore our site? What is the best course of action forward?





      UPDATED on October 19th, 2018:



      The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error:
      404 error: Page not found. (showing on a generic Magento page with Magento logo and Magento colors)



      enter image description here





      NEW update on October 19th, 2018:



      The hosting company keeps trying to install this.



      We now have the following Error on the front page:



      There has been an error processing your request
      SQLSTATE[42S02]: Base table or view not found: 1146 Table 'product_product.mg_core_url_rewrite' doesn't exist, query was: SELECT COUNT(*) FROM `mg_core_url_rewrite` AS `rewrite` WHERE (request_path IN ('', '/')) AND (id_path LIKE 'category/%')

      Trace:
      #0 /home/product/public_html/lib/Varien/Db/Statement/Pdo/Mysql.php(110): Zend_Db_Statement_Pdo->_execute(Array)
      #1 /home/product/public_html/app/code/core/Zend/Db/Statement.php(291): Varien_Db_Statement_Pdo_Mysql->_execute(Array)
      #2 /home/product/public_html/lib/Zend/Db/Adapter/Abstract.php(480): Zend_Db_Statement->execute(Array)
      #3 /home/product/public_html/lib/Zend/Db/Adapter/Pdo/Abstract.php(238): Zend_Db_Adapter_Abstract->query('SELECT COUNT(*)...', Array)
      #4 /home/product/public_html/lib/Varien/Db/Adapter/Pdo/Mysql.php(428): Zend_Db_Adapter_Pdo_Abstract->query('SELECT COUNT(*)...', Array)
      #5 /home/product/public_html/lib/Zend/Db/Adapter/Abstract.php(828): Varien_Db_Adapter_Pdo_Mysql->query(Object(Varien_Db_Select), Array)
      #6 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(1355): Zend_Db_Adapter_Abstract->fetchOne(Object(Varien_Db_Select))
      #7 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(361): Amasty_Fpc_Model_Fpc_Front->isCategoryPage()
      #8 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(411): Amasty_Fpc_Model_Fpc_Front->getNormalizedUrl()
      #9 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(778): Amasty_Fpc_Model_Fpc_Front->getCacheKey()
      #10 /home/product/public_html/app/code/local/Amasty/Fpc/Model/Fpc/Front.php(1407): Amasty_Fpc_Model_Fpc_Front->fetch()
      #11 /home/product/public_html/app/code/core/Mage/Core/Model/Cache.php(687): Amasty_Fpc_Model_Fpc_Front->extractContent(false)
      #12 /home/product/public_html/app/code/core/Mage/Core/Model/App.php(340): Mage_Core_Model_Cache->processRequest()
      #13 /home/product/public_html/app/Mage.php(684): Mage_Core_Model_App->run(Array)
      #14 /home/product/public_html/index.php(87): Mage::run('', 'store')
      #15 {main}

      Error log record number: 1076426995669






      magento-1.9 security






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Oct 25 '18 at 7:00









      Shashank Kumrawat

      1,3641341




      1,3641341










      asked Oct 19 '18 at 9:25









      AllysinAllysin

      103838




      103838






















          3 Answers
          3






          active

          oldest

          votes


















          0














          sorry to hear that. It's always a hassle.
          First of all, any files you downloaded after the hack cannot be trusted.
          They might be infected.



          If you have a backup I'd suggest to work from that. A Magento developer should be able to tell you what is in there and what might be missing.
          This can be supplemented either from a vanilla Magento installation or will need the re-importing of products and images.



          For your database as well, I'm afraid you will lose some orders. Best to restore to the latest version from before the hack.



          Regarding the hosting; I'm not sure what the knowledge of Magento is within the hosting company but I expect it's low. Although it will be more expensive I can recommend looking at a hosting company that has a little bit more knowledge of Magento as they would be able to help you faster in the future.



          Very import: even when you restore your shop; the leak is still there. This has to be fixed.






          share|improve this answer
























          • What is a full cPanel backup good for then? I thought it has all the HTML files and the database and you can just unzip it and restore it back the way it was when the backup was made?

            – Allysin
            Oct 19 '18 at 9:51











          • @Allysin as far as I know that should be exactly that. However, I do not know how the hosting company set this up

            – Sander Mangel
            Oct 19 '18 at 10:12











          • I did the install through Softaculous back in the day...it's just bunch of HTML files connecting to a database, isn't it? Can you please see my update in the original ticket?

            – Allysin
            Oct 19 '18 at 10:35



















          0














          What error shows up when you initially found out the attack? I think the error will reveal if it was just a few core files or templates than can be restored from a public copy?






          share|improve this answer
























          • It was just showing a directory structure on the screen. Folders not relevant to Magento. No Error message.

            – Allysin
            Oct 19 '18 at 9:50











          • Any screenshot?

            – Richard Feraro
            Oct 19 '18 at 9:51











          • @ Richard Feraro I think I copied the folder names and saved it on the local machine but I'm not on there now...I remember there was the Magento Connect folder that I renamed to something really strange long time before because I didn't want people attacking that. The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error: 404 error: Page not found. (with a generic Magento page)

            – Allysin
            Oct 19 '18 at 9:56











          • Try checking if there is a file .htaccess in the Magento root directory. It is a hidden file and it handles the URL redirects.

            – Richard Feraro
            Oct 20 '18 at 0:57



















          -5














          Sorry to hear that. You should get your website investigated and ensure it is protected for future - Do check Infigic's Magento security services - https://www.infigic.com/magento-security-services/





          share








          New contributor




          Sharon Infigic is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.




















            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "479"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f247101%2four-magento-account-was-hacked-files-deleted-hosting-company-is-unable-to-rest%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            3 Answers
            3






            active

            oldest

            votes








            3 Answers
            3






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            sorry to hear that. It's always a hassle.
            First of all, any files you downloaded after the hack cannot be trusted.
            They might be infected.



            If you have a backup I'd suggest to work from that. A Magento developer should be able to tell you what is in there and what might be missing.
            This can be supplemented either from a vanilla Magento installation or will need the re-importing of products and images.



            For your database as well, I'm afraid you will lose some orders. Best to restore to the latest version from before the hack.



            Regarding the hosting; I'm not sure what the knowledge of Magento is within the hosting company but I expect it's low. Although it will be more expensive I can recommend looking at a hosting company that has a little bit more knowledge of Magento as they would be able to help you faster in the future.



            Very import: even when you restore your shop; the leak is still there. This has to be fixed.






            share|improve this answer
























            • What is a full cPanel backup good for then? I thought it has all the HTML files and the database and you can just unzip it and restore it back the way it was when the backup was made?

              – Allysin
              Oct 19 '18 at 9:51











            • @Allysin as far as I know that should be exactly that. However, I do not know how the hosting company set this up

              – Sander Mangel
              Oct 19 '18 at 10:12











            • I did the install through Softaculous back in the day...it's just bunch of HTML files connecting to a database, isn't it? Can you please see my update in the original ticket?

              – Allysin
              Oct 19 '18 at 10:35
















            0














            sorry to hear that. It's always a hassle.
            First of all, any files you downloaded after the hack cannot be trusted.
            They might be infected.



            If you have a backup I'd suggest to work from that. A Magento developer should be able to tell you what is in there and what might be missing.
            This can be supplemented either from a vanilla Magento installation or will need the re-importing of products and images.



            For your database as well, I'm afraid you will lose some orders. Best to restore to the latest version from before the hack.



            Regarding the hosting; I'm not sure what the knowledge of Magento is within the hosting company but I expect it's low. Although it will be more expensive I can recommend looking at a hosting company that has a little bit more knowledge of Magento as they would be able to help you faster in the future.



            Very import: even when you restore your shop; the leak is still there. This has to be fixed.






            share|improve this answer
























            • What is a full cPanel backup good for then? I thought it has all the HTML files and the database and you can just unzip it and restore it back the way it was when the backup was made?

              – Allysin
              Oct 19 '18 at 9:51











            • @Allysin as far as I know that should be exactly that. However, I do not know how the hosting company set this up

              – Sander Mangel
              Oct 19 '18 at 10:12











            • I did the install through Softaculous back in the day...it's just bunch of HTML files connecting to a database, isn't it? Can you please see my update in the original ticket?

              – Allysin
              Oct 19 '18 at 10:35














            0












            0








            0







            sorry to hear that. It's always a hassle.
            First of all, any files you downloaded after the hack cannot be trusted.
            They might be infected.



            If you have a backup I'd suggest to work from that. A Magento developer should be able to tell you what is in there and what might be missing.
            This can be supplemented either from a vanilla Magento installation or will need the re-importing of products and images.



            For your database as well, I'm afraid you will lose some orders. Best to restore to the latest version from before the hack.



            Regarding the hosting; I'm not sure what the knowledge of Magento is within the hosting company but I expect it's low. Although it will be more expensive I can recommend looking at a hosting company that has a little bit more knowledge of Magento as they would be able to help you faster in the future.



            Very import: even when you restore your shop; the leak is still there. This has to be fixed.






            share|improve this answer













            sorry to hear that. It's always a hassle.
            First of all, any files you downloaded after the hack cannot be trusted.
            They might be infected.



            If you have a backup I'd suggest to work from that. A Magento developer should be able to tell you what is in there and what might be missing.
            This can be supplemented either from a vanilla Magento installation or will need the re-importing of products and images.



            For your database as well, I'm afraid you will lose some orders. Best to restore to the latest version from before the hack.



            Regarding the hosting; I'm not sure what the knowledge of Magento is within the hosting company but I expect it's low. Although it will be more expensive I can recommend looking at a hosting company that has a little bit more knowledge of Magento as they would be able to help you faster in the future.



            Very import: even when you restore your shop; the leak is still there. This has to be fixed.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Oct 19 '18 at 9:36









            Sander MangelSander Mangel

            34.7k469136




            34.7k469136













            • What is a full cPanel backup good for then? I thought it has all the HTML files and the database and you can just unzip it and restore it back the way it was when the backup was made?

              – Allysin
              Oct 19 '18 at 9:51











            • @Allysin as far as I know that should be exactly that. However, I do not know how the hosting company set this up

              – Sander Mangel
              Oct 19 '18 at 10:12











            • I did the install through Softaculous back in the day...it's just bunch of HTML files connecting to a database, isn't it? Can you please see my update in the original ticket?

              – Allysin
              Oct 19 '18 at 10:35



















            • What is a full cPanel backup good for then? I thought it has all the HTML files and the database and you can just unzip it and restore it back the way it was when the backup was made?

              – Allysin
              Oct 19 '18 at 9:51











            • @Allysin as far as I know that should be exactly that. However, I do not know how the hosting company set this up

              – Sander Mangel
              Oct 19 '18 at 10:12











            • I did the install through Softaculous back in the day...it's just bunch of HTML files connecting to a database, isn't it? Can you please see my update in the original ticket?

              – Allysin
              Oct 19 '18 at 10:35

















            What is a full cPanel backup good for then? I thought it has all the HTML files and the database and you can just unzip it and restore it back the way it was when the backup was made?

            – Allysin
            Oct 19 '18 at 9:51





            What is a full cPanel backup good for then? I thought it has all the HTML files and the database and you can just unzip it and restore it back the way it was when the backup was made?

            – Allysin
            Oct 19 '18 at 9:51













            @Allysin as far as I know that should be exactly that. However, I do not know how the hosting company set this up

            – Sander Mangel
            Oct 19 '18 at 10:12





            @Allysin as far as I know that should be exactly that. However, I do not know how the hosting company set this up

            – Sander Mangel
            Oct 19 '18 at 10:12













            I did the install through Softaculous back in the day...it's just bunch of HTML files connecting to a database, isn't it? Can you please see my update in the original ticket?

            – Allysin
            Oct 19 '18 at 10:35





            I did the install through Softaculous back in the day...it's just bunch of HTML files connecting to a database, isn't it? Can you please see my update in the original ticket?

            – Allysin
            Oct 19 '18 at 10:35













            0














            What error shows up when you initially found out the attack? I think the error will reveal if it was just a few core files or templates than can be restored from a public copy?






            share|improve this answer
























            • It was just showing a directory structure on the screen. Folders not relevant to Magento. No Error message.

              – Allysin
              Oct 19 '18 at 9:50











            • Any screenshot?

              – Richard Feraro
              Oct 19 '18 at 9:51











            • @ Richard Feraro I think I copied the folder names and saved it on the local machine but I'm not on there now...I remember there was the Magento Connect folder that I renamed to something really strange long time before because I didn't want people attacking that. The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error: 404 error: Page not found. (with a generic Magento page)

              – Allysin
              Oct 19 '18 at 9:56











            • Try checking if there is a file .htaccess in the Magento root directory. It is a hidden file and it handles the URL redirects.

              – Richard Feraro
              Oct 20 '18 at 0:57
















            0














            What error shows up when you initially found out the attack? I think the error will reveal if it was just a few core files or templates than can be restored from a public copy?






            share|improve this answer
























            • It was just showing a directory structure on the screen. Folders not relevant to Magento. No Error message.

              – Allysin
              Oct 19 '18 at 9:50











            • Any screenshot?

              – Richard Feraro
              Oct 19 '18 at 9:51











            • @ Richard Feraro I think I copied the folder names and saved it on the local machine but I'm not on there now...I remember there was the Magento Connect folder that I renamed to something really strange long time before because I didn't want people attacking that. The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error: 404 error: Page not found. (with a generic Magento page)

              – Allysin
              Oct 19 '18 at 9:56











            • Try checking if there is a file .htaccess in the Magento root directory. It is a hidden file and it handles the URL redirects.

              – Richard Feraro
              Oct 20 '18 at 0:57














            0












            0








            0







            What error shows up when you initially found out the attack? I think the error will reveal if it was just a few core files or templates than can be restored from a public copy?






            share|improve this answer













            What error shows up when you initially found out the attack? I think the error will reveal if it was just a few core files or templates than can be restored from a public copy?







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Oct 19 '18 at 9:48









            Richard FeraroRichard Feraro

            23915




            23915













            • It was just showing a directory structure on the screen. Folders not relevant to Magento. No Error message.

              – Allysin
              Oct 19 '18 at 9:50











            • Any screenshot?

              – Richard Feraro
              Oct 19 '18 at 9:51











            • @ Richard Feraro I think I copied the folder names and saved it on the local machine but I'm not on there now...I remember there was the Magento Connect folder that I renamed to something really strange long time before because I didn't want people attacking that. The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error: 404 error: Page not found. (with a generic Magento page)

              – Allysin
              Oct 19 '18 at 9:56











            • Try checking if there is a file .htaccess in the Magento root directory. It is a hidden file and it handles the URL redirects.

              – Richard Feraro
              Oct 20 '18 at 0:57



















            • It was just showing a directory structure on the screen. Folders not relevant to Magento. No Error message.

              – Allysin
              Oct 19 '18 at 9:50











            • Any screenshot?

              – Richard Feraro
              Oct 19 '18 at 9:51











            • @ Richard Feraro I think I copied the folder names and saved it on the local machine but I'm not on there now...I remember there was the Magento Connect folder that I renamed to something really strange long time before because I didn't want people attacking that. The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error: 404 error: Page not found. (with a generic Magento page)

              – Allysin
              Oct 19 '18 at 9:56











            • Try checking if there is a file .htaccess in the Magento root directory. It is a hidden file and it handles the URL redirects.

              – Richard Feraro
              Oct 20 '18 at 0:57

















            It was just showing a directory structure on the screen. Folders not relevant to Magento. No Error message.

            – Allysin
            Oct 19 '18 at 9:50





            It was just showing a directory structure on the screen. Folders not relevant to Magento. No Error message.

            – Allysin
            Oct 19 '18 at 9:50













            Any screenshot?

            – Richard Feraro
            Oct 19 '18 at 9:51





            Any screenshot?

            – Richard Feraro
            Oct 19 '18 at 9:51













            @ Richard Feraro I think I copied the folder names and saved it on the local machine but I'm not on there now...I remember there was the Magento Connect folder that I renamed to something really strange long time before because I didn't want people attacking that. The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error: 404 error: Page not found. (with a generic Magento page)

            – Allysin
            Oct 19 '18 at 9:56





            @ Richard Feraro I think I copied the folder names and saved it on the local machine but I'm not on there now...I remember there was the Magento Connect folder that I renamed to something really strange long time before because I didn't want people attacking that. The hosting company restored the front page perfectly now but when I click on most of the products - it gives the following Error: 404 error: Page not found. (with a generic Magento page)

            – Allysin
            Oct 19 '18 at 9:56













            Try checking if there is a file .htaccess in the Magento root directory. It is a hidden file and it handles the URL redirects.

            – Richard Feraro
            Oct 20 '18 at 0:57





            Try checking if there is a file .htaccess in the Magento root directory. It is a hidden file and it handles the URL redirects.

            – Richard Feraro
            Oct 20 '18 at 0:57











            -5














            Sorry to hear that. You should get your website investigated and ensure it is protected for future - Do check Infigic's Magento security services - https://www.infigic.com/magento-security-services/





            share








            New contributor




            Sharon Infigic is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.

























              -5














              Sorry to hear that. You should get your website investigated and ensure it is protected for future - Do check Infigic's Magento security services - https://www.infigic.com/magento-security-services/





              share








              New contributor




              Sharon Infigic is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
              Check out our Code of Conduct.























                -5












                -5








                -5







                Sorry to hear that. You should get your website investigated and ensure it is protected for future - Do check Infigic's Magento security services - https://www.infigic.com/magento-security-services/





                share








                New contributor




                Sharon Infigic is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.










                Sorry to hear that. You should get your website investigated and ensure it is protected for future - Do check Infigic's Magento security services - https://www.infigic.com/magento-security-services/






                share








                New contributor




                Sharon Infigic is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.








                share


                share






                New contributor




                Sharon Infigic is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.









                answered 9 mins ago









                Sharon InfigicSharon Infigic

                11




                11




                New contributor




                Sharon Infigic is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.





                New contributor





                Sharon Infigic is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.






                Sharon Infigic is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Magento Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f247101%2four-magento-account-was-hacked-files-deleted-hosting-company-is-unable-to-rest%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Magento 2 controller redirect on button click in phtml file

                    Polycentropodidae