Here is how you can add an admin account to your Opencart 2.X store using phpMyAdmin/MySQL database. This guide would come handy if you are unable to add the administrator account from the OpenCart panel, or have forgotten your password. Also helpful if you're an agency/developer and the customer hasn't given you administrator access. If you feel your store has…
What is WordPress wp-vcd Malware? We recently saw a new type of malware infecting WordPress websites by leveraging loopholes in outdated plugins and themes. The wp-vcd malware creates backdoors in your website by adding hidden WordPress admin users. Some variants of the malicious code have been seen to modify core WordPress files and also add new files in the /wp-includes…
What is Cloki Malware? A new kind of malware has surfaced, dubbed as "Cloki" which has been slowing down (& also crashing) vulnerable Joomla & WordPress websites. The malware is able to execute core system commands without having access to cPanel or SSH. It is able to add a cron job so that the malware code is executed repeatedly in…
What is Crypto Mining Malware (CoinHive Javascript)? How are you affected? CoinHive is an online service which provides cryptocurrency miners (crypto mining malware) that can be installed on websites using JavaScript. The JavaScript miner runs in the browser of the website visitors and mines coins on the Monero blockchain. It is promoted as an alternative to placing advertising on the website.…
One of the worst feelings you can experience as a website owner is finding out that your website has been hacked. If proactive security measures are not taken - a hacker may be able to launch Pharma attacks, Phishing pages, Japanese SEO spam, Redirection Malware etc. through WordPress Admin panel hack. A new type of wp-admin hack has surfaced which adds an…
Magento & OpenCart Credit Card Hijack Credit Card malware or Credit Card Hijack is when malicious PHP/JavaScript code is injected into Magento and OpenCart shops which allow hackers to intercept credit card data. This new way of credit card fraud has been undetected for 6 months. There are many cases in which hackers have targeted Magento Payment Security. What is Credit…
With the rise in Magento related security incidents, it is important to restrict access to the Magento admin area. One foolproof way to secure the Magento backend from password guessing attacks is to only allow access to trusted IP addresses. This drastically minimizes the security risk and only takes a couple of minutes to configure. In this guide, we will…
We’ve been watching a specific malware infection targeting OpenCart & WordPress websites for several months. It's commonly referred to as the pub2srv malware infection which redirects your website visitors to other malicious domains like go.pub2srv[.]com go.mobisla[.]com go.oclaserver[.com] deloton.com/afu.php?zoneid= site Screenshot of WordPress user request help in the forum What is pub2srv malware? What are its symptoms? It is a malware…
Common signs of your OpenCart store being vulnerable to Cross-site Scripting is malicious popups, credit card information theft and compromise of username/passwords of your users. While OpenCart takes security very seriously, new security issues may be discovered over time. Poorly coded extensions tend to be the #1 cause of security breaches. In this guide, we'll talk about what XSS is,…
Most customers discover that their website is hacked on seeing the 'Red Screen of Death' by Google or when a customer tells them. This can be dangerous because it means your website has been infected for a long time and may have damaged your website's reputation and privacy. Websites have become central to all businesses these days. They handle everything from e-Commerce…
