Opencart Security

How to Prevent OpenCart Malware Injection

Updated on: March 29, 2020

How to Prevent OpenCart Malware Injection

For years OpenCart has been a popular choice for e-commerce websites due to its ease of use, simple installation, and minimal investment. Popularity comes at a price – OpenCart has been target to malware, credit card skimming, backdoors and very targeted exploits.

We work with OpenCart store owners round the clock in cleaning malware injections and the reasons for being hacked are always the same.

The top reasons for you OpenCart store being hacked:

Opencart Malware Removal

1. OpenCart Version Has Never Been Updated

Since many of the OpenCart stores have been customized by changing the core files, developers avoid updating the OpenCart version and lose out on critical security patches.

It is good practice to use a Modification System to update your OpenCart Store:

If you have made all your modifications using any of the above modification systems, you can update your OpenCart store without any hassle in future. This will ensure that latest security patches are installed and your store is malware free.

2. Plugins With Weak Security Practices

As a thumb rule, only install extensions from trusted developers. Plugins that do not follow the security best practices, may leave critical vulnerabilities which are commonly exploited by hackers.

3. No Website Firewall or Bad Bot Protection

Due to automation, it is very easy to find and exploit vulnerabilities. Use of a Website Firewall like Astra is very important to fight hackers and bad bots. Such firewalls scan all incoming requests and block all hack attempts and OpenCart malware.

4. Unrestricted File Uploads & Unsanitized User Inputs

Some older versions of OpenCart were vulnerable to input field manipulation and could be used to inject malicious payloads. Custom developed features usually lack proper input sanitization like XSS removal,  data validation & encoding before storing in the database. An example payload can be seen below.

OpenCart Malware Removal getastra.com/opencart-security

Consequences of OpenCart Malware

Without necessary security mechanisms, hackers are able to run their malicious code on vulnerable websites like. The consequences of OpenCart Malware Injection can be fatal:

  • Google Safe Browsing Blacklisting
  • Theft of Customer Data
  • Theft of Transaction Records
  • Unwanted Redirects to Malicious Sites
  • Spamvertizing

Google regularly runs malware scans and notifies Google Search users if any malware is found on your OpenCart store. This will result in a loss of reputation for your store and customers may not feel safe performing transactions.  “This Might be Hacked” warning from Google looks like this:

OpenCart Malware Injection Prevention and Fixing

How You Can Avoid OpenCart Malware Injection

Since OpenCart is Open Source, attackers have a better idea of the software you’re running and any publicly known security issues. Use the following proactive security tips to secure your store from OpenCart malware:

  • Delete the “/install” directory after setup is complete
  • Set the correct file permissions for files and folders
    • Folders should have 755 permission
    • Files should have 644 permission
    • config.php and admin/config.php should have 444 permission
  • Regularly update your OpenCart version
  • Use a modification system like OCMOD or vQmod to make changes to the OC core
  • Only install extensions by Trusted Developers
  • Change the Admin URL by renaming the ‘admin’ folder. It should be a secret word that only you should know.
  • Disable Directory by adding this code to your .htaccess file
    Options -Indexes
  • Use of a Website Firewall like Astra to fight hackers and bad bots

If you’ve faced similar problems because of malware, tell us in the comments section below. We may be able to help!

Also, check the case study of Dim-el, E-commerce store powered by Opencart and how Astra firewall secured it from the attackers.

Astra review

Was this post helpful?

Tags: , ,

Shubham Agarwal

A linux user who crashes his machine more that using it. Passionate about cyber security and digger of good food. Expect faster replies on stackoverflow than facebook.
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

21 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Kanishka
Kanishka
3 years ago

So if I don’t want to use paid services what other free open source options I have to secure myself

Joy
3 years ago
Reply to  Kanishka

Kanishka, as mentioned in the article it is advisable to work on OpenCart configurations to lock-down all the possibilities by which a hacker/malware can enter the website. The thing is, sometimes OpenCart by default does not comes with best security configurations. So, as a developer/store owner one should go the extra mile to ensure OpenCart configurations & server lock down is in place.
However, Open Source security tools like Mod Security can help here to flag users with malicious intent.

lasertest
lasertest
3 years ago

Way cool! Some very valid points! I appreciate you
writing this post and the rest of the site is extremely
good.

wa tweaks apk
wa tweaks apk
3 years ago

What a stuff of un-ambiguity and preserveness of valuable experience concerning unpredicted emotions.

assyrian.irib.ir
assyrian.irib.ir
3 years ago

Attractive section of content. I just stumbled upon your weblog and in accession capital to assert
that I get in fact enjoyed account your blog posts.
Anyway I will be subscribing to your feeds and even I achievement you access
consistently quickly.

kongregate
kongregate
3 years ago

I’m not sure where you’re getting your information, but great topic.
I needs to spend some time learning more or understanding
more. Thanks for wonderful info I was looking for this information for my mission.

Victor
Victor
3 years ago

I have been exploring for a little for any high quality articles or weblog posts in this kind of house .
Exploring in Yahoo I eventually stumbled upon this website.
Studying this info So i’m happy to exhibit that I have an incredibly
excellent uncanny feeling I discovered just what I needed.
I so much indubitably will make sure to do
not omit this site and provides it a look regularly.

Sonya
Sonya
3 years ago

Incredible points. Great arguments. Keep up the amazing work.

Agustin
Agustin
3 years ago

If you are going for most excellent contents like I do,
simply pay a visit this website every day because
it gives quality contents, thanks

Anonymous
Anonymous
3 years ago

Somebody necessarily assist to make significantly posts I might state.
This is the very first time I frequented your web page and
to this point? I amazed with the research you made to create
this particular publish incredible. Magnificent process!

Beat
Beat
3 years ago

Hi my loved one! I wish to say that this article is awesome, nice written and include approximately all vital infos.

I’d like to peer more posts like this .

Emery
Emery
3 years ago

Mʏ brotһer suggеsted I might like this
blog. He was totally right. This post trսly made my
day. You can not imagine just how much time I had ѕpᥱnt for this
info! Thanks!

Jaqueline
Jaqueline
3 years ago

Awesome blog! Do you have any recommendations for aspiring writers?

I’m planning to start my own site soon but I’m a little lost on everything.
Would you suggest starting with a free platform like WordPress or go for a paid option? There
are so many options out there that I’m completely overwhelmed ..

Any tips? Thanks!

trackback

[…] the application layer of web applications, where developer faults are more probably. Take the Opencart Malware Injection for example. Attackers circumvent security measures at application end to run their malicious […]

trackback

[…] the application layer of web applications, where developer faults are more probably. Take the Opencart Malware Injection for example. Attackers circumvent security measures at application end to run their malicious […]

John
John
3 years ago

I don’t even know how I stopped up here, but
I thought this post was great. I don’t understand who you’re
but definitely you are going to a well-known blogger in the event you aren’t already.
Cheers!

Ga Tre
Ga Tre
3 years ago

I want to express my love for your kind-heartedness in support of folks who require assistance with this particular situation. Your special commitment to passing the message all over appeared to be
wonderfully practical and have continuously helped others like me to
achieve their targets. Your personal invaluable help signifies a
great deal to me and even more to my mates. With thanks; from each one of us.

website
website
3 years ago

Hi, It is very unfortunate that I found out that my website have been injected with the following malware. This happened when I suddenly noticed OC went into an error 503. After 7-8 hours of slow, crappy service from my provider they finally managed to bring it up but I couldn’t access any other subdomains I have. Suspicious I ran a scan and found out the above mentioned malware. Can I know if there is a way for me to clean it up? Are the backup still safe to run as I haven’t backed up my data for awhile? Thanks… Read more »

Shikhil Sharma
Admin
3 years ago
Reply to  website

Yes there is a way to clean it up. Please assure you check all you payment API’s first of all, as we have seen a huge rise in malware directly aiming to steal your customer payments. Assure that there are no JS files which you do not identify with (we saw a case where a JS file was copying all the card information to hacker servers. Additionally, assure that PHP files have no extra hex encoded code or base64 encoded code appended within them.

If you need any assistance, feel free to reach us.

Voyance
Voyance
3 years ago

Hi there, all is going perfectly here and ofcours every one is sharing data, that’s actually
excellent, keep up writing.

Makler Heidelberg
Makler Heidelberg
2 years ago

Der Artikel ist wirklich gut. Das Thema hat mich schon lange interessiert und ich konnte hier noch einiges ergänzendes finden. Ich kann es kaum erwarten, weitere Neuigkeiten zu
lesen. Danke und Grüße aus Heidelberg Marco Feindler

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include firewall, malware scanner and security audits to protect your site from the
evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany