I have a Zen-Cart site which was hacked so that the main site "[login to view URL]" file located at root level now has many [login to view URL] links which redirect from it.
I need someone who works fast to update Zen-Cart from 1.5.5f to 1.5.6a (I do have a few plug-in modules) and remove any hacked content at same time.
I have already changed the passwords for CPanel and ZC database.
Update Zen-Cart from 1.5.5f to 1.5.6a protect plug-in modules
1. backup files and database
2. Download [login to view URL] latest version for Unix/Apache
3. Install and merge files which are modified for plug-ins/make sure plug-ins up-to-date
4. test and verify
Secure Site, Remove Hacks, Verify
1. Secure website at [login to view URL] and Zen-cart installation at root
2. Remove hacks (example below)
3. Verify secure site
Example of hacked content:
Here is a long list of hacked pages, none of which appear to be in my site directory:
[login to view URL]
I did the first part of their suggestion on my own which is to implement a permanent redirect for any http URL to https, secure from .htacess file
I also changed passwords to the control panel and FTP accounts.
As you can see, many but not all of their exploits seem to add a query onto the zen-cart root URL at [login to view URL]
Here's the details from Google
Important: This report won't be available after Mar 28, 2019. Please use the new Security Issues report instead.
Security Issues Hacked with spam
A hacker may have modified your site to contain spammy content. To protect visitors to your site, Google’s search results may label your site’s pages as hacked. We may also show an older, clean version of your site.
These pages appear to be created by a hacker with the intent of spamming search results.
Sample URLs Last detected
[login to view URL] 3/10/19
I have fixed these issues
Pages like the sample URLs appear to be created by a hacker. Typically, the offending party gains access to an insecure directory that has open permissions. The new pages often contain spammy words or links.
Review our resources about hacked: URL injection.
Search “site:” in Google to confirm the existence of new pages.
Check the content of the new pages using Fetch as Google since the spammy content may be hidden with CSS (cloaking).
[login to view URL]