Каталог дополнений
News and articles
Opencart is a free engine for creating online stores
21 May 2025
Opencart is a free engine for creating online stores

Which version of OpenCart / ocStore should I choose in 2024 and where to download it.

 
 
 
 
 
Termination of Cooperation with CXEMA2025
14 May 2025
Termination of Cooperation with CXEMA2025

Due to a violation of the site rules by the author CXEMA2025, we are disabling their account and removing all their modules from sale.

 
 
 
 
 
Best-selling templates and extensions in April 2025
06 May 2025
Best-selling templates and extensions in April 2025

Best-selling templates and extensions in April 2025: sitemap, product filter, landing page builder

 
 
 
 
 
Selection of new modules for OpenCart – April 2025
03 May 2025
Selection of new modules for OpenCart – April 2025

New arrivals for April 2025: same manufacturer products, Yandex Split, info block on the product page

 
 
 
 
 
Paid and free generation of SEO URLs in OpenCart
Paid and free generation of SEO URLs in OpenCart

A brief description of how to correctly create OpenCart SEO URLs for free or paid.

 
 
 
 
 
Home » Opencart Articles » Removing viruses from a website: How to do it?

Removing viruses from a website: How to do it?

 
Removing viruses from a website: How to do it?

Author: halfhope

This article presents a step-by-step algorithm for removing viruses from an OpenCart-based website. This guide is best suited for technically skilled users who have a strong understanding of coding and can effectively utilize various tools to troubleshoot issues. Even if you are using another CMS or platform, the information provided here may still be useful.

From the Author

If you need help cleaning your website or server, contact me via Telegram (halfhope). I will provide you with details about the cost and timeline. The cleaning service includes a 1-year warranty.

Quick Algorithm

  1. Create a backup of your website.
  2. Download the backup.
  3. Clean it on your local machine.
  4. Change all possible passwords.
  5. Delete the files and database from the server.
  6. Upload the cleaned files and database back to the server.

If anything is missed, set up monitoring:

The recommended monitoring period is 3-4 weeks.

Detailed Description

Preparation

To download the site files and database to your local computer, the easiest way is to create a single zip archive. The image folder can be excluded since it contains images and no executable files. However, you should check it later before uploading the cleaned version of the site.

Use OpenServer/WAMP/LAMP/XAMPP or similar tools to create a new database and import the site’s database dump.

Extract the files into a folder that is convenient for your work.

Working with the Database

  1. Locate the oc_user table and delete all users except the administrator. It is recommended to change the administrator username to protect the account from password guessing attempts.
  2. Update the administrator password. Replace the current password in the oc_user table with the MD5 hash of the new password and clear the salt field.
  3. Open the oc_modification table, which stores module modifiers. Check the modifier code for vulnerabilities, as some botnets since 2020 have used OpenCart modifiers for reverse shell connections.

Working with Files

  1. Remove unnecessary elements: phpinfo, cache, logs, unused themes (except the default), languages, and modified files (e.g., system/storage/modification).
  2. Check the files for malicious code. Use tools such as ai-bolit (Revisium), ShellDetector, LMD, antivirus software, and others.
  3. Pay special attention to additional entry points through $_POST, $_GET, $_COOKIE, and hidden scripts.
  4. Use tools like GIT, Beyond Compare, or WinMerge to compare current files with the original engine version for faster analysis.
  5. Analyze server access logs to identify infected files.

Create a zip archive of the cleaned files.

Working on the Server

  1. Add a stub with HTTP status code 503 (Service Unavailable) and restrict access by IP.
  2. Change all passwords: control panel, database, FTP, and email accounts.
  3. Delete the old database and import the cleaned version.
  4. Remove all site files from the hosting server, except for the image folder and the stub. Delete all non-image files from the image folder.
  5. Upload the cleaned files to the server and update passwords in the configuration files.
  6. Access the admin panel and update the modifiers.
  7. Set up additional HTTP authorization to protect the admin panel from brute-force attacks.
  8. Enable query logging and set up file change monitoring using a PHP script.

Note that modern botnets can "hide" after file deletion. Extend the monitoring period to detect reinfections promptly.

General Recommendations

  • Avoid using pirated software. Check the vendor’s legitimacy here.
  • Use strong passwords or password generators.
  • Avoid default usernames like "admin".
  • Create separate accounts for contractors and disable them after their work is complete.
  • Monitor file changes regularly.
  • Make regular backups and test their validity.

For OpenCart

For OpenCart, I recommend the FSMonitor module, which tracks new, modified, and deleted files. It can be set up for automatic execution via Cron and send notifications about changes. You can also manually review files altered by contractors. Download the module here.

Рекомендуем посмотреть
Рекомендуем прочитать
 
 


Yet, no one has left a comment to the entry.
 
English